two-factor authentication
Latest
Google says default 2FA cut account breaches in half
Google says enabling two-factor authentication by default cut those users' account breaches in half.
Here's why your Apple two-factor texts include strange tags
Don't worry if you see unusual tags at the end of Apple's two-factor texts — they're meant to improve security.
Instagram's Security Checkup will help users secure their accounts after a hack
Starting today, Instagram is introducing a new feature to help people secure their accounts following instances where they may have been hacked.
Google is turning on two-factor authentication by default
You'll only need to tap a prompt to confirm your identity.
Facebook adds hardware security key support for Android and iOS
What has been a security option on desktops since 2017 is now finally available on mobile devices as well.
Iranian hackers' Android malware spies on dissidents by stealing 2FA codes
An Iranian hacking group made Android malware that appears built to spy on regime critics by stealing their two-factor codes.
Zoom rolls out two-factor authentication for all accounts
Zoom has unveiled two-factor authentication (2FA) for all user accounts, to make it easier to prevent “zoombombing” and other security breaches.
Google will default to phone notifications for two-factor sign-ins
Google will default to phone verification prompts for two-factor sign-ins instead of less secure SMS codes.
Google Authenticator for Android can finally move accounts between devices
Google has given Authenticator a much-needed update on Android with account transfers between devices and a fresh look.
Google slowly starts requiring two-factor authentication for Nest users
For now, it’s advising Nest owners to ensure they still have access to the email they use for Nest.
Arlo will require two-step sign-ins for its smart home devices
Arlo is following the leads of Nest and Ring in requiring tighter security for its smart home devices. It's warning customers that it'll require two-factor authentication for accounts by the end of 2020. As it explained in a support guide, you'll have to either respond to a push notification or a less secure text message whenever you sign in with a new device. Email security codes will be available as an "automatic back-up option."
Ring now requires two-factor sign-ins for its home security devices
Ring is continuing its bid to improve privacy and security after facing criticism. As of today, the Amazon brand will start requiring two-factor authentication for all users when they sign into their Ring accounts. When the feature reaches you this week, you'll always get a six-digit code sent to either your email or (less recommended) SMS in order to complete the login process. This move will seem more than a little familiar when Nest announced a similar requirement just a week earlier, but it's still good news when it promises to raise the baseline security for Ring's smart home devices.
All Nest accounts will require extra sign-in security this spring
It's not just Ring committing to improving the security of its smart home systems in 2020. Google's Nest has announced that, as of this spring, it will require email-based two-factor authentication for everyone who hasn't previously enabled the feature or migrated to a Google account. This reduces the chances of someone hijacking your smart home setup, even for more ambitious intruders who might use SIM swapping to intercept SMS-based two-factor sign-ins.
Apple engineers propose a way to make using two-factor texts easier
If you've ever used online banking or any other highly-secure website, chances are you've encountered a one-time passcode (OTP) before. These are SMS messages sent to your phone with a unique code that verifies your identity with the website you're on. For a lot of users, inputting this code into the website involves tapping back and forth between the browser and the SMS client -- and in some cases even having to physically write down the code, because it's so long or complicated. Now, Apple engineers have put forward a proposal designed to make the whole process easier and more secure.
Google makes it easier to sign up for advanced hacking protection
It's now clearer why Google made it possible to use an iPhone as a security key -- the company is simplifying sign-ups for its Advanced Protection Program. As of today, anyone with a reasonably modern Android phone (running 7.0 Nougat or later) or iPhone (iOS 10 or later) can enroll in Advanced Protection using just their handset as the security key. You can get airtight security for your Google account without having to carry around a dedicated key fob just to sign in. iOS users will need to download Google's Smart Lock app, but that's the only major hassle.
Your iPhone now serves as a Google security key
You no longer need Android to use your phone as a Google security key. Google has updated Smart Lock for iOS to let you use your device's "built-in security key" -- that is, the Secure Enclave built into every iOS device with Touch ID or Face ID. From then on, you'll just need your iPhone or iPad nearby (plus your usual password) for two-factor authentication when you sign into Google on a desktop using Chrome. It uses a Bluetooth connection to ensure that it's really you and not some distant intruder.
$35 off coupon makes Google's Titan security keys almost free
Whether you use Android or iOS, a hardware security key can provide even more protection against password theft or phishing. It's even more secure than other forms of multifactor authentication, because the site you're logging into has to verify itself to the security key too, which can help protect you against increasingly-tricky phishing attacks. Now, on the same day that Apple increased support for security keys on iOS 13.3, Google has kicked off a sale on its Titan security keys that makes them cheaper than we've ever seen before. Using the code "B-TITAN35OFF" can take up to $35 off of a purchase of security keys, so you can snag the wireless-equipped key that connects over USB, Bluetooth or NFC for just $3.99 (the price of shipping), instead of $35, or a pair of keys that adds a USB unit, at just under $20 instead of $50 plus shipping. It even appears that the code will work on multiple orders, so you could order them separately and use the discount on each one. Looking for the USB-C key that Google teamed with Yubico on? Apply the coupon code and it can be yours for a total of $9.29.
Now Twitter users can enable two-factor without linking a phone number
Twitter has finally made a change users have been waiting a long time to see. No, it's not editable tweets, but as of today everyone can enable two-factor authentication on their account without linking a phone number. While SMS-based two-factor can be a fallback for people who lose access to code-generating devices or don't have security keys, it's very vulnerable to SIM-swapping attacks. Twitter added code generator support a while ago, but still asked users to add a phone number if they wanted the extra verification and you couldn't remove the fallback. That's upsetting for those concerned about their privacy, they may not want to link a phone number to their account at all, and Twitter has already admitted that it used phone-numbers to target ads even for users who declined that. Attackers used SIM-swapping to send tweets from Twitter CEO Jack Dorsey's account earlier this year, and while the exploit didn't use two-factor codes, it showed how vulnerable the SMS-based system can be. If you already have a phone number linked in your profile, then you can go ahead and remove it now. However, a security engineer noted that you can't remove the number and rely simply on a security key for access since that's only supported on the website.
Google teams up with Yubico to build a USB-C Titan Security Key
Google has a new security tool will appeal to people with a lot of USB-C devices. On Monday, the company announced a new version of its Titan Security Key that features a USB-C connector, and you'll be able to buy the accessory starting tomorrow for $40 from the Google Store.
Twitter admits your phone number may have been used for targeting ads
Twitter is only supposed to use phone numbers for two-factor authentication, but it appears to have been unintentionally used for more. The social network has learned that phone numbers and email addresses provided for safety and security (including two-factor authentication) might have "inadvertently" been used for ad purposes. Advertisers on Twitter can customize promos based on uploaded marketing lists, and Twitter may have matched people on those lists based on phone digits and email addresses that were supposed to be off-limits. "This was an error," Twitter said.
