security key
Latest
Apple releases iOS 16.3 with support for physical security keys
Apple’s latest mobile software update lets you log into your Apple ID with a physical security key.
Apple expands iCloud encryption as it backs away from controversial CSAM scanning plans
Apple is rolling out new security features that include encryption for most of your iCloud data — much to the chagrin of law enforcement.
Yubico's new security keys have fingerprint readers for added protection
YubiKey Bio devices are available in USB-A and USB-C formats.
Facebook adds hardware security key support for Android and iOS
What has been a security option on desktops since 2017 is now finally available on mobile devices as well.
Yubico's latest security key uses NFC and USB-C for authentication
Yubico, the company that wants you to drop passwords and use a physical hardware key instead, has unveiled a new product that works with just about any device and authentication protocol. The YubiKey 5C supports both USB-C and NFC, so it supports Windows, macOS and Linux PCs, along with Android and iOS smartphones or tablets.
Google can add account security keys through Safari and mobile Chrome
If you're determined to keep your Google account airtight with a security key, you might have an easier time getting started. Google has made it possible for G Suite and Cloud Identity users to register security keys using both Chrome on Android devices (using at least Android 7.0 Nougat and Chrome 70) and Safari on Macs (13.0.4 and later). This includes both keys you've registered independently as well as ones from the Advanced Protection Program for enterprise users.
Google makes its Titan security keys available across Europe
Google's Titan security keys are now available in more regions. The company started selling them in the US a month after they were launched, and while it eventually rolled them out to more countries, their availability remained limited. Now, the tech giant has announced on its security blog that the Titan Security Key bundle (consisting of a USB-A/NFC key and a Bluetooth/USB/NFC key), as well as the USB-C Titan Security Key are now being sold on the Google Store in in Austria, Germany, Italy, Spain and Switzerland.
Yubico is making it easier for businesses to buy its YubiKeys
A growing number of companies are looking at hardware authentication security keys as a trusted and convenient way to protect sensitive corporate data. Indeed, Google has recently launched an open source project to help advance the uptake of this technology. But for companies with hundreds of employees, ensuring the right people have the right keys can be a huge logistical undertaking and added expense. As such, security key maker Yubico has launched an enterprise service to help businesses integrate the tech into their operations more easily.
Google open-sources the tools needed to make 2FA security keys
Security keys are designed to make logging in to devices simpler and more secure, but not everyone has access to them, or the inclination to use them. Until now. Today, Google has launched an open source project that will help hobbyists and hardware vendors build their own security keys, and contribute to the technology's ongoing development.
Yubico's authenticator app now supports NFC for iOS devices
In addition to releasing enhanced parental controls with iOS 13.3, Apple has also rolled out an update that will give you more opportunities to use your NFC-enabled YubiKeys. The update has enabled Yubico to introduce NFC support for the company's authenticator app, which allows you to use the company's keys with any service or application as long as it supports two-factor authenticators like Authy and Google's.
Apple may offer tighter iOS parental controls this week
Apple's flurry of iOS updates might include one more substantial tweak before the holiday break. Vietnamese carrier Viettel has posted a page that hints at a release for iOS 13.3 (plus a minor watchOS 6.1.1 update) this coming week, most likely on or before December 11th. The new software could represent a big deal for parents thanks to the ability to limit access to contacts in Screen Time -- you can specify who your kids can talk to and when. This only applies to voice calls, FaceTime and Messages, but it could be helpful if you'd rather not let your child hold all-night video chats with their friends.
Windows users can now log in using Yubico security keys
If you're looking to secure a device or you struggle to remember passwords, there's now a new option available. Hardware authentication manufacturer Yubico is updating its device support, now offering Windows login through its YubiKey security system.
Google stats show how much a recovery number prevents phishing
In case you haven't already set up a recovery phone number for your Google account, and enabled extra security features like multifactor authentication, the search giant is using hard data to explain why you should. Interestingly, studies (1)(2) researchers presented this week at The Web Conference found that simply adding a recovery phone number to an account blocked 100 percent of automated attacks, 99 percent of bulk phishing attacks and 66 percent of targeted attacks during the period they investigated. That's why you should take advantage of a tool like the Security Checkup now, while your account is still secure, and get at least that level of protection enabled.
Google recalls some Titan security keys after finding Bluetooth vulnerability
Google is recalling its Bluetooth Titan security keys due to a vulnerability that could allow attackers to connect to your device. No need to panic -- the bug only seems to apply to a very narrow set of circumstances, according to a blog post published by Google on Wednesday. The attacker would have to be within 30 feet of you during the moment you press the button on your Titan Key to activate it, and also know your username and password. In this scenario, the attacker could then use their device to act as your security key and access your device.
Your Android phone's volume key can unlock your Google account
Google just made two-step verification a little easier for Android users. Android phones running 7.0+ Nougat or newer can be used as a physical security key to confirm a user's identity when logging into a Google account with the Chrome browser. When prompted, users will simply hold the volume button on their phone to verify their log-in attempt. This isn't the only option for two-step verification, but it will likely be faster and more convenient than, say, using a physical key fob.
Google users can sign into Firefox and Edge with a security key
Until now, you've had to use Chrome to sign into your Google account with a security key. You won't have to be quite so choosy going forward, though. Google has transitioned to using the new Web Authentication standard for hardware-based sign-ins, making your key useful in Firefox, Edge and other browsers that rely on the format. That could be particularly helpful if you want to check your Gmail on an unfamiliar PC and would rather not install Chrome or punch in a password.
Google streamlines two-step verification with security keys
Google just made it easier to lock down your account if you're a G Suite user. The internet giant is trotting out a series of updates for two-step verification, starting with the interface itself. You'll see new instructions text and images to walk you through the process of setting up a security key, and the flow for that process now changes depending on the browser you're using. You'll get an experience unique to Chrome or Safari, for instance.
Star Wars: The Old Republic launches Android authenticator and upcoming test server
If analyst predictions hold true, Star Wars: The Old Republic is going to be big. And that means that it's going to be heir to the natural problem of account hackings, the sort of thing that goes hand in hand with every major MMO. Luckily, the game has launched with security authenticators already available, with a physical version and an Apple app available right out of the gate. The mobile authenticator for Android devices is also now available, meaning that you have a multitude of ways to ensure that the only threats to your characters are those of the blaster-wielding variety. Once you've gotten through the authenticator stage, however, perhaps you'd like to see what's coming next for the game? Ask a Jedi reports that it looks like BioWare is in the process of setting up a public test server, giving every subscriber a chance to enjoy the upcoming patches and updates before they go live. While players will not be able to copy characters from the live servers to the test environment at this time, the team behind Star Wars: The Old Republic seems to be polishing up the game on a daily basis even though it's just launched, so that likely won't remain the case for long.
PayPal to offer security key fobs for additional account protection
For every stupendous scam that crafty / immoral individuals pull off on eBay, there's at least a couple phishing scams out there trying to jack your precious eBay or PayPal password and access your hard-earned dollars. PayPal is readying a VeriSign security key that will resemble the RSA SecureID we corporate workers are all too familiar with with, and will sport a monochrome LCD screen that rotates a six-digit password every 30 seconds. Clients who opt to use this device will be able to enter it along with their usual username / password credentials when logging in, which would prevent scammers from accessing their account without the key fob in hand. The firm has been testing the device with employees for "several months," and plans to start trialing it with customers "within a month or so." Personal account owners in America, Germany, and Australia will eventually have the option of picking one up for a one-time fee of $5, while business accounts will receive the unit gratis, but if you're not savvy enough to pass on by those tempting scams, five bucks could be a small price to pay to keep your cash out of strangers' hands.[Via jkOnTheRun]