User data and private messages exposed in Reddit breach

Reddit, one of the world’s most popular websites and the self-proclaimed “front page of the internet,” was hacked in June, exposing some user data, internal logs, source code and other files, according to a post published to the platform Wednesday.  Chief Technology Officer Christopher Slowe wrote on Reddit’s front page that an attacker compromised the accounts of several employees between June 14 and June 18 using an SMS intercept. The technique involves intercepting the two-factor authentication code that a website or app texts to a user when that person is logging on. “Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope,” read the post from Slowe, who goes by the username u/KeyserSosa. “We point this out to encourage everyone here to move to token-based 2FA.” With SMS codes and passwords […]

The post User data and private messages exposed in Reddit breach appeared first on Cyberscoop.

Save the Embarrassment: The Value of Two-Factor Authentication

These days, it’s not a matter of if your password will be breached but when. Major websites experience massive data breaches at an alarming rate. Have I Been Pwned currently has records from 295 sites comprising 5.3 billion accounts. This include…

Google takes on Yubico and builds its own hardware security keys

Google today announced it is launching its own hardware security keys for two-factor authentication. These so-called Titan Security Keys will go up against similar keys from companies like Yubico, which Google has long championed as the de facto standard for hardware-based two-factor authentication for Gmail and other services. The FIDO-compatible Titan keys will come in […]

Timehop Hacked — Hackers Stole Personal Data Of All 21 Million Users

And the hacks just keep on coming.

The Timehop social media app was hit by a major data breach on July 4th that compromised the personal data of its more than 21 million users.

Timehop is a simple social media app that collects your old photos and p…

Facebook no longer requires phone numbers for multi-factor authentication

Facebook updated its multi-factor authentication options on Tuesday, no longer requiring a phone number to use the service to sign into the company’s platform. Product manager Scott Dickens laid out the changes in a Wednesday blog post saying that “third-party authentication apps like Google Authenticator and Duo Security” are now easier to use. Those apps offer more security than phone numbers, due to the fact that SMS messages tied to phone numbers can be hijacked. Facebook has also long offered security keys like Yubikey as a multi-factor authentication option. The option to remove phone numbers is significant for several reasons. First, SMS messages are considered an insecure authentication method by authorities including the National Institute of Standards and Technology. Facebook has also run into some issues regarding SMS in the past few months. A bug allowed for the platform to spam users with updates via SMS, which drove users to complain on Twitter about the […]

The post Facebook no longer requires phone numbers for multi-factor authentication appeared first on Cyberscoop.

The Shared Security Weekly Blaze – Efail Vulnerabilities and PGP Encryption, Facebook’s App Investigation, Nest Password Notifications

This is the Shared Security Weekly Blaze for May 21, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted …