Outsourced MFA (Multi-Factor Authentication)

Digital security is a major area of importance in the modern enterprise. With large organizations like Target, LinkedIn, and Yahoo all being breached recently (CNN), IT admins have the security…

Two Factor Authentication with the ESP8266

Google Authenticator is a particularly popular smartphone application that can be used as a token for many two factor authentication (2FA) systems by generating a time-based one time password (referred to as TOTP). With Google Authenticator, the combination of your user name and password along with the single-use code generated by the application allows you to securely authenticate yourself in a way that would be difficult for an attacker to replicate.

That sounds great, but what if you don’t have a smartphone? That’s the situation that [Lady Ada] recently found herself in, and rather than going the easy route and …

Twitter upgrades two-factor authentication options by allowing third party apps

After a decade of prodding, Twitter drastically improved its two-factor authentication on Wednesday, expanding an important security tool widely adopted elsewhere online, including Google and Facebook. The social media company announced support for apps like Google Authenticator and Authy that work offline, independent of carrier or location and are more resistant to eavesdropping or hijacking. Crucially, users can now turn off SMS authentication for the first time. SMS is considered one of the least-secure methods of two-factor authentication. Two-factor authentication typically works by requiring a password as well as a second method to log in. Commonly used second factors include SMS codes, small pieces of hardware — such as USB keys or dongles — or even biometric authenticators like fingerprints or face scans. Security experts strongly recommend all users turn on two-factor authentication for important internet accounts including email, banking and social media. Twitter users can upgrade in the settings and privacy section of their profiles. We’re rolling out an update to […]

The post Twitter upgrades two-factor authentication options by allowing third party apps appeared first on Cyberscoop.

Inside Two-Factor Authentication Apps

Passwords are in a pretty broken state of implementation for authentication. People pick horrible passwords and use the same password all over the place, firms fail to store them correctly and then their databases get leaked, and if anyone’s looking over your shoulder as you type it in (literally or metaphorically), you’re hosed. We’re told that two-factor authentication (2FA) is here to the rescue.

Well maybe. 2FA that actually implements a second factor is fantastic, but Google Authenticator, Facebook Code Generator, and any of the other app-based “second factors” are really just a second password. And worse, that second password …

SSA.GOV To Require Stronger Authentication

The U.S. Social Security Administration will soon require Americans to use stronger authentication when accessing their accounts at ssa.gov. As part of the change, SSA will require all users to enter a username and password in addition to a one-time security code sent to their email or phone. In this post, we’ll parse this a bit more and look at some additional security options for SSA users.

Lock Up Your Raspberry Pi with Google Authenticator

Raspberry Pi boards (or any of the many similar boards) are handy to leave at odd places to talk to the network and collect data, control things, or do whatever other tasks you need a tiny fanless computer to do. Of course, any time you have a computer on a network, you are inviting hackers (and not our kind of hackers) to break in.

We recently looked at how to tunnel ssh using a reverse proxy via Pagekite so you can connect to a Pi even through firewalls and at dynamic IP addresses. How do you stop a bad guy …

The Limits of SMS for 2-Factor Authentication

A recent ping from a reader reminded me that I’ve been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication online. The reader’s daughter had received a text message claiming to be from Google, warning that her Gmail account had been locked because someone in India had tried to access her account. The young woman was advised to expect a 6-digit verification code to be sent to her and to reply to the scammer’s message with that code.