TwoFactorAuthentication
Latest
Someone really wants 'No Man's Sky' developers to apologize
The internet hivemind's vile side was at it again this morning. This time, by apparently hacking the Twitter, Linkedin and email accounts of No Man's Sky developer Hello Games. Buckle up because this gets messy. "No Man's Sky was a mistake." Following an extended period of silence from the developer, that (now deleted) tweet went out earlier today. Thinking something was afoot, Kotaku reached out to the developer via email and was told that, "No, the tweet was not a hack, but rather a disgruntled employee. The email that we sent however was official." Except the publication had received no prior emails.
PlayStation Network finally adds two-factor authentication
Considering how much the PlayStation Network breach cost Sony, it's kind of crazy that the service didn't offer two-factor login authentication before now. But, that's no longer the case. Protecting your PlayStation account is SMS-based (which has its own limitations) versus using an authenticator app, however. You can set up device passwords for the PlayStation 3 and Vita handheld, and, really, from there it doesn't differ much than you're used to with other apps and services.
LastPass app takes the pain out of two-factor sign-ins
Many will tell you that it's wise to use two-factor authentication to lock down your internet accounts. Actually using it, however, is another story -- there's only so many times you can enter passcodes from your phone before you tear your hair out. LastPass thinks it has a better way. It's launching a LastPass Authenticator app for Android, iOS and Windows Phone that softens the blow when you have many accounts. Instead of entering a passcode to get into LastPass, you can have Authenticator send a simple verify button to sign in with one tap.
Apple made it harder for hackers to breach FaceTime and iMessage
As a means to further secure your digital life, Apple said today that it's adding two-step verification to FaceTime and iMessage. That still leaves the likes of iTunes and the Apple website vulnerable to ne'er-do-wells who want to remotely access your sensitive info (and have your password), of course, but now Cupertino's universal messaging and video chat programs are locked down a bit further. Given the progress that's been made toward adding the second authorization step to the rest of its ecosystem in recent months, it likely won't be too long before those spots are buttoned up too. Any questions? The Apple two-step verification FAQ is only a click away.
Apple's two-factor authentication still leaves some of your data exposed
Apple took a big step forward when it expanded the scope of its two-step authentication last year, since it's now relatively hard to peek at someone's sensitive content unless you also have their device. However, this extra security measure still isn't the all-encompassing safety net you might expect it to be. Need proof? Just ask Dani Grant: she recently gave a friendly reminder that two-factor doesn't even enter the picture with a number of Apple's services. You only need an Apple ID's email address and password to get into FaceTime, iMessage, iTunes and the company's website. You'll need verification if you change account details, sign in to iCloud or try to buy an app, but that basic login is enough to see people's contact information, view their app download history or impersonate them on iMessage. You don't always get email alerts (they typically appear when signing into FaceTime, iCloud or iMessage for the first time on a new device), so it's possible for someone to misuse your account without your knowledge.
The internet's governing body was hacked, too
The Sony Pictures hack is getting all of the attention right about now, but it turns out that another prominent organization recently was victim to a security breach as well. Last month, ICANN, the outfit that regulates the internet's domain names and IP addresses, fell prey to a phishing attack that tricked employees into giving out email login info. What'd the ne'er-do-wells get a hold of? Administrative access to all the files in the Centralized Zone Data System. Which, as The Register points out, granted the hackers access to unalterable generic zone files (what're needed to resolve domain names to IP addresses), and gifted them with contact information for, among others, some of the world's registry administrators. Passwords were stored as "salted cryptographic hashes," but ICANN deactivated them as a precaution anyway. The firm's wiki was breached too, but aside from public information, a members-only index page and one user's profile, no other private data was viewed.
Hacking your iCloud files just got easier, even with two-step enabled
An update to Elcomsoft's Phone Breaker software now makes it easier for bad guys to bypass Apple's vaunted new two-factor authentication to steal your iCloud stuff. As before, the hackers would need some information to start with -- either your Apple ID/password plus a two-factor code, or a digital token stolen from, say, your laptop. That would give them access to your account anyway, but here's the kicker: The Phone Breaker app can then create a digital token granting intruders permanent access without a two-step code until you change the password. It also allows someone to view all your iCloud files at a glance, making it easier to pick and choose which to steal. The tool is used legitimately by law enforcement to access lawbreakers' phones, but was also recently implicated in a celebrity phone hack.
Windows 10 has new ways to protect you against internet data breaches
There are plenty of online services that use two-factor authentication to reduce the chances of someone hijacking your account after a data breach, but what about the operating system on your PC or phone? You'll get that safeguard if you use Windows 10, according to a Microsoft security brief. The new OS will optionally treat a device (including something nearby, like your phone) as one authentication factor when signing into a local or internet account, and a PIN code or biometric reader as the second. If hackers find your login data sitting on a server, they won't get to use it unless they also have your gear -- and in some cases, they may need a fake fingerprint as well.
Xbox One update makes multitasking easier and everyone more secure
We knew that the October update coming to the Xbox One would make it act more like the 360, but Redmond has packed a few other features into it too. In addition to double-tapping the Guide button to call up your friends list and achievements, this patch adds what amounts to two-factor authentication for your account (something new for Xbox-only Microsoft logins), according to Xbox Live's Larry "Major Nelson" Hyrb. A select few markets are getting access to a tweaked Live TV setup option too, which will automatically detect the set-top box plugged into the One's HDMI-In port (sounds like HDMI-CEC to us). The new media player app is improved, with support for MKV and access to media stored on DLNA servers. You can hide any games that are cluttering up the "ready to install" portion of your collection now as well. Handy! The 249MB update is rolling out starting today, and you should be able to force the download from the system's settings menu.
WSJ writer gives Twitter password to the internet and the obvious happens
We put a ton of trust in technology everyday, but are you confident enough in two-factor authentication to give out any of your passwords? Christopher Mims of The Wall Street Journal is. In a post on the site proclaiming that passwords are "finally dying," Mims extolls the virtues of the secure login method immediately after giving out his Twitter password. He says that he's confident he won't be hacked because, among other reasons, the second authentication step (a text message containing a numerical code that's sent to the user's cellphone, or an app that generates a code should you be outside of cellular data range) is apparently difficult to intrude upon. As Forbes has spotted though, Mims' Twitter account has since been slammed with people trying to login to it, his phone blew up with authentication codes as a result, forcing him to associate a different phone number with the microblogging service.
Twitter for iOS and Android bestowed with security updates, new photo galleries
iOS and Android users should be seeing an update to the official Twitter app on their devices today, and there are a few enhancements to the app's login verification process as well as a few feature changes. First, the security-based improvements: you're able to enroll in login verification and approve login requests directly from the app, with no SMS messages required. It all revolves around push notifications, so your phone number isn't even necessary; you'll also enjoy international support, details about location and browser, backup codes and more. Additionally, social context is now included with the search menu, which allows you to see how you're connected to various users, and there's also a new photo gallery in search that can be accessed by pressing "view more photos" in your search results. Lastly, the iOS app has a few tweaks of its own: you'll be able to see the same photo gallery UI on user profiles so you can see all of a specific account's images, and you can also manage lists within the app itself. Check out the official blog for more details.
LinkedIn adds two-factor authentication through SMS
Who knew that tighter security was all the rage these days? Following Dropbox, Google and virtually everyone else, LinkedIn has joined the trendy (if smart) ranks of those offering two-factor authentication as an option. Switch it on and you'll have to enter a verification code delivered by SMS before you can log in with a device that LinkedIn doesn't recognize. That's all there is to the process, really, but it may be enough to prevent ne'er-do-wells from messing with your CV.
Google joins the FIDO Alliance, supports its two-factor authentication standard
Google's already investing in two-factor authentication, but it's making a bigger commitment to the security method by joining the FIDO (Fast IDentity Online) Alliance's board of directors. Founded in-part by heavyweights Lenovo and PayPal, the group envisions a future where an open standard developed by it will lead to interoperable two-step security that can log users into sites and cloud apps across the web -- not to mention replace passwords as we know them. While support for USB keys is certainly in the works, the group expects to throw its weight behind the likes of NFC, voice and facial recognition, fingerprint scanners and more. There's no telling how soon FIDO's efforts will bear fruit, but the search titan's support ought to help move things along. [Image credit: Marc Falardeau, Flickr]
Apple adds two-factor authentication to your Apple ID
Apple is beefing up the security of its Apple ID by adding two-factor authentication to the account login process. Customers concerned about unauthorized access to their Apple ID can login to their account at Apple's My Apple ID webpage and turn on the feature as described below: Go to My Apple ID (appleid.apple.com) Click the "Manage your Apple ID" button to login to your Apple ID Enter your Apple ID and password and click "Sign In" Select "Password and Security" in the left-hand column Type in the answers to your account security questions if you are prompted to answer them. You will see Two-Step Verification at the top of the page. Click on "Get Started" and follow the on-screen instructions. If you have two-factor verification enabled, you will be required to enter both your password and a 4-digit code to verify your identity. According to Apple's support page, you will need this information whenever you sign in to My Apple ID to manage your account, make an iTunes / App Store / iBookstore purchase from a new device or get Apple ID-related support from Apple. You can read more about the security feature on Apple's support website, and check out Glenn Fleishman's thorough pros and cons rundown on TidBITS.
