two-stepauthentication
Latest
Google Authenticator takes security codes from your smartwatch
It can be annoying to set up two-factor authentication and boost the security of your accounts, but Google may have found a way to ease your pain. It's delivering an update to Authenticator for Android that not only touts a "refreshed" design, but receives codes from Android Wear smartwatches. You're no longer stuck using this solely on your phone. To top things off, Google is rolling in early support (sadly, developer-only) for the FIDO Alliance's NFC Security keys -- in the future, you may only need to tap devices together to sign in. If you can't bear the thought of logging in with a regular password, you'll want to grab this upgrade in short order.
Apple testing two-step verification on iCloud site, apps
Update 9/2/2104: It looks like this test never made it to full release, as iCloud users are still not prompted to authenticate with 2FA when logging into iCloud.com. With all the security risks populating the world, two-step verification is the strong standard to have for information safety. Apple brought the process to your Apple ID last year, now iCloud and its associated apps are getting it as well. With a two-step verification users must enter a code that is sent to their device after you enter your password. This current wave of two-step verification hasn't hit all users just yet -- as noticed by the folks at AppleInsider this morning, some users aren't seeing the prompt when they login to their iCloud accounts. You'll be able to tell if the two-step verification has been activated on your iCloud account the moment you login, as your web apps will all be greyed-out with a lock over them. Once the verification process is completed all of the apps will be accessible. There's one exception to the greyed-out apps; Find My Phone. Given that it's possible you may have lost the trusted device Apple would be sending your verification code to, that was a wise move on Apple's part. If you login to iCloud today and nothing has changed, don't worry. You can expect to see the added layer of security hitting your setup sometime in the near future.
Tumblr gets two-step verification, makes your GIFs more secure
If you've scrolled through Tumblr lately and thought to yourself, "Hey, this could use some added security," the blogging platform has your back. Today the outfit announced that it's adding two-step authentication as a means of keeping your account safe. Authentication codes are sent either via a text message or an app like Google's Authenticator, and work akin to basically every other service that uses them: simply input the code with the rest of your login credentials and you should be good to go. Tumblr says that the verification process won't interfere with using the mobile apps, but you'll need to create a one-time password via your account settings page in order to sign in on your device. From the sounds of it, this shouldn't take any longer than finding your next favorite Emma Stone GIF might.
Microsoft accounts now let you flag suspicious activity before it's a problem
Internet account security is frequently a black box; you may not know that something's wrong until there's a notification email or a credit card bill. If you use a Microsoft account, though, you now have some preventative tools. A new security upgrade lets account holders see a history of recent sign-in attempts and settings changes. They can warn Microsoft if there's something amiss, such as foreign access or unexpected password resets. The refresh also provides more control over where notifications go, and fans of two-factor authentication can create recovery codes so that they're never completely locked out. Redmond's security improvements won't stop hackers by themselves, but the company will use account warnings to refine its protection -- any attempts to crack your account could help others avoid the same fate.
This week on gdgt: the new Nexus 7, the Leap, and two-step authentication
Each week, our friends at gdgt go through the latest gadgets and score them to help you decide which ones to buy. Here are some of their most recent picks. Want more? Visit gdgt anytime to catch up on the latest, and subscribe to gdgt's newsletter to get a weekly roundup in your inbox.
LinkedIn adds two-factor authentication through SMS
Who knew that tighter security was all the rage these days? Following Dropbox, Google and virtually everyone else, LinkedIn has joined the trendy (if smart) ranks of those offering two-factor authentication as an option. Switch it on and you'll have to enter a verification code delivered by SMS before you can log in with a device that LinkedIn doesn't recognize. That's all there is to the process, really, but it may be enough to prevent ne'er-do-wells from messing with your CV.
Evernote introduces two-step verification, other security enhancements
Evernote's motto is "remember everything," which means that you might put everything onto the cloud service -- work notebooks, pictures of food, business cards, you name it. One problem with placing all of that personal and work-related information in the cloud is that it makes it a target for identity thieves. Today, Evernote announced three new security-related features to protect your information from prying eyes. The first is two-step verification, which according to Evernote will happen only when you log into Evernote Web or install Evernote on a new device and is only available at this time to Evernote Premium and Business users. Eventually, the company plans to roll out two-step verification to all users. As with other two-step verification methods used by Apple, Google and Dropbox, you combine your password (something you know) with something you have -- a device or browser into which a random six-digit code is entered. That code can either be sent as a text message to your device, or users can fire up Google's Authenticator app to generate the code for them. Evernote emphasizes that two-step verification is optional, and warns users that if they lose access to the secondary access method they can "run the risk of permanently locking yourself out of your account." The other enhancements, which are available to all users of Evernote, include Authorized Applications and Access History. If you lose a computer or device, you can revoke access rights to Evernote from that device using the Evernote Web Account Settings. That app or device will request a password from a user the next time it is launched. Likewise, Access History provides a way to see every time your account was accessed -- including location and IP address -- for the last 30 days. If all of your work is done from a home office in Colorado and you suddenly see that your info is being accessed from Shenzen, China, it's time to change passwords and set up two-step verification (if it's not too late). Evernote spokesperson Ronda Scott noted that "Implementing two-step verification was not trivial. It required updates to all of our applications including Evernote, Skitch, Penultimate, Evernote Food and others and significant back-end work. We've always intended to add two-step as an option to those who wanted it. Back in March we said this was coming and we're rolling it out starting today."
Apple's two-step ID now rolling out to a worldwide release
Apple recently introduced two-step verification for your Apple ID in certain countries, and the process is now being expanded to the rest of the world. The feature, which requires two different codes for verifying your Apple ID (if you want to be extra safe) was initially only available in the US, UK, Australia, Ireland and New Zealand. But Apple has now included Canada in on the feature, as well as users in Argentina, Pakistan, Mexico, the Netherlands, Russia, Austria, Brazil, Belgium and Portugal. In other words, two-step authentication is now rolling out to a more or less worldwide release. The authentication process is still optional -- if you don't think you need it, you can still stick with just your Apple ID password as a login. The process does help security, though it's still not a perfect solution. Apple only implemented this procedure earlier this year due to some security concerns on behalf of users. But it will help against some attacks, and it should work as another step to keep unwanted invaders out of your Apple ID account.
Two-step verification starts rolling out for Microsoft accounts
Everyone else is doing it, so why not Microsoft, right? The company has been accused of playing the "me too" game in the past, but we're not going to complain when the the end result is better security. As we learned from a leak last week, Redmond will begin enabling two-step verification for Microsoft accounts. The switch will get flipped for everyone over the next few days and, with email, Xbox Live and Skype (just to name a few) associated with the service formerly known as Live, it's never been more important to keep it locked down. (Especially when others are learning this lesson the hard way.) The two-factor gateway is purely opt-in, except where it's already been required: editing credit card information and accessing SkyDrive from a new computer. There's even a dedicated authenticator app for Windows Phone 8, which works whether or not you've got an internet connection. There's loads more detail at the source and you can check to see if the feature has been turned on for your account at the more coverage link. And if you can, we strongly suggest you turn it on. Like, now.
