twofactorauth.org – WindowsTechs.com

Turn on MFA Before Crooks Do It For You

Posted on June 19, 2020 by BrianKrebs

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident. Continue reading Turn on MFA Before Crooks Do It For You→

Instagram’s New Security Tools are a Welcome Step, But Not Enough

Posted on August 29, 2018 by BrianKrebs

Instagram users should soon have more secure options for protecting their accounts against Internet bad guys. On Tuesday, the Facebook-owned social network said it is in the process of rolling out support for third-party authentication apps. Unfo… Continue reading Instagram’s New Security Tools are a Welcome Step, But Not Enough→

Reddit Breach Highlights Limits of SMS-Based Authentication

Posted on August 2, 2018 by BrianKrebs

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showca… Continue reading Reddit Breach Highlights Limits of SMS-Based Authentication→

Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage

Posted on June 5, 2018 by BrianKrebs

MyHeritage, an Israeli-based genealogy and DNA testing company, disclosed today that a security researcher found on the Internet a file containing the email addresses and hashed passwords of more than 92 million of its users. Continue reading Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage→

The Market for Stolen Account Credentials

Posted on December 18, 2017 by BrianKrebs

Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment. Continue reading The Market for Stolen Account Credentials→

Stolen Passwords Fuel Cardless ATM Fraud

Posted on January 6, 2017 by BrianKrebs

Some financial instutitions are now offering so-called “cardless ATM” transactions that allow customers to withdraw cash using nothing more than their mobile phones. But as the following story illustrates, this new technology also creates an avenue for thieves to quickly and quietly convert stolen customer bank account usernames and passwords into cold hard cash. Worse still, fraudulent cardless ATM withdrawals may prove more difficult for customers to dispute because they place the victim at the scene of the crime. Continue reading Stolen Passwords Fuel Cardless ATM Fraud→

Stolen Passwords Fuel Cardless ATM Fraud

Posted on January 6, 2017 by BrianKrebs

The Limits of SMS for 2-Factor Authentication

Posted on September 8, 2016 by BrianKrebs

A recent ping from a reader reminded me that I’ve been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication online. The reader’s daughter had received a text message claiming to be from Google, warning that her Gmail account had been locked because someone in India had tried to access her account. The young woman was advised to expect a 6-digit verification code to be sent to her and to reply to the scammer’s message with that code. Continue reading The Limits of SMS for 2-Factor Authentication→