TwoFactorAuthentication
Latest
Instagram's app-based two-factor authentication is available now
Now might be a good time to add an extra layer of security to your Instagram account. As previewed in August, Instagram has switched on two-factor authentication using apps like Google Authenticator and Duo Mobile, promising a more secure sign-in process than receiving a text message (an option since 2016). You can enable it by visiting the Privacy and Security section of the mobile app's settings, choosing Two-Factor Authentication, and then toggling the Authentication App option. Instagram can scan for compatible authenticators on your phone or invite you to download one.
Ubisoft rewards two-factor use with free 'Rainbow Six: Siege' skin
Epic isn't the only one using the promise of free in-game fashion to promote healthier security. Ubisoft is rewarding account holders with a free Rainbow Six: Siege skin if they enable two-factor authentication. It's a somewhat complicated process (it entails the Google Authenticator mobile app and QR codes), but the developer is betting that the allure of a unique operator outfit will be worth the hassle. As it is, you'll need to do this if you're the competitive sort -- 2FA will be required for ranked matches in the near future.
Google’s $50 Titan security keys are now available in the US
Last month, Google introduced its Titan Key -- a physical security key used for two-factor authentication -- and now it's widely available in the US. For $50, you'll get a USB security key and a Bluetooth security key as well as a USB-C to USB-A adapter and a USB-C to USB-A connecting cable.
Instagram displays more info to prove popular accounts are legit
Instagram is no stranger to fake accounts, and it's taking extra steps to ensure that you're not following fraudsters. It's rolling out an "About This Account" feature in the next few weeks that will show you details for users with large follower counts, including when they signed up, where their activity is located, the ads they're running and their social connections. You can figure out whether that politician's account is just a Russian ploy, or whether your celebrity crush really followed you.
Facebook won't require a phone number for two-factor authentication
One good thing to come from Facebook's government scrutiny is that the social network makes an advancement in security, it's very loud about the fact. Today Facebook announced that protecting your account via two-factor authentication is getting easier. In a blog post, Scott Dickens of the social network's security team said that now you can use Google Authenticator and Duo Security to prevent unauthorized logins. You'll still be able to use your phone number for code delivery, of course, it's just that now you have a few more options beyond that. If you're traveling abroad and forget to write down any recovery codes in advance, this should make life a little less stressful.
Facebook: Two-factor authentication spam was caused by a bug
A number of people have been receiving random notifications from Facebook after giving the social network their phone number for two-factor authentication. Worse, if they attempt to cancel that by replying to the message, say with STOP or CANCEL, Facebook would post their replies as a status update for all to see. Now, the social network has admitted that the issues were caused by a bug and promised to roll out a fix that will stop non-security-related notifications in the next few days.
Uber security flaw compromised two-factor authentication
Two-factor authentication only works if it's strictly enforced in software, and it sounds like Uber might have fallen short of that goal for a while. In a chat with ZDNet, security researcher Karan Saini has revealed a flaw in Uber's two-factor verification that reportedly rendered it useless. Saini has been keeping the exact details of the exploit under wraps to prevent abuse, but it revolved around a vulnerability in how Uber authenticates users when they sign in. The net effect was clear: an intruder might have only needed your username and password to sign in, giving them the chance to swipe personal info or misuse services.
LastPass fixes fingerprint security flaw in its Authenticator app
Password manager LastPass has an extra layer of protection for its Authenticator app, in the form of a fingerprint and/or PIN that ostensibly keeps people out of your passwords if they find your phone unlocked. Last week, a developer posted that he'd been able to bypass this security feature on the Android version of the app. As of right now, though, LastPass users can download an update to the app that fixes the issue and adds a one-time code when the fingerprint/PIN feature is first enabled.
Twitter two-factor authentication can work solely via third-party apps
For years, Twitter's two-factor sign-in process has required SMS at some level, even if just as a backup. That's all well and good on a phone, but what about when you're on a tablet, or are in a situation (say, traveling abroad) where you'd rather not get a text? You're set from now on. Twitter has added support for verifying your sign-in exclusively through a third-party app. You still need a phone number to get things started, but software like Google Authenticator and Duo Mobile can now fill in after that, with no SMS fallback. The setup process is relatively straightforward -- the biggest step is scanning a QR code to produce the verification number you need.
Bank of America is adding two-factor fingerprint authentication
In the wake of recent security breaches, including but certainly not limited to Equifax, Bank of America has stated it will integrate fingerprint-based two-factor authentication into its online banking setup. The financial institution will start using Intel's Online Connect system to ensure customer security at some point in 2018.
Nintendo rolls out two-step authentication for online accounts
Nintendo now supports two-factor verification to its Nintendo Accounts. This adds another layer of security by requiring codes generated from the Google Authenticator app, though it comes years later than most other gaming platforms.
US carriers partner on a better mobile authentication system
Two-factor authentication (2FA) via SMS and a smartphone provides a heavy dose of additional security for your data, but as the US government declared last year, it's not without its flaws. To fix that, the big four US mobile operators, Sprint, T-Mobile, Verizon and AT&T have formed a coalition called the Mobile Authentication Taskforce to come up with a new system. Working with app developers and others, they'll explore the use of SIM card recognition, network-based authentication, geo-location, and other carrier-specific capabilities.
Google will nudge SMS two-factor users to try its way instead
Google rolled out a new look and feel for two-factor authentication earlier this year, and soon it will encourage people still using the text message-based system to try it out. Google Prompt pops up a notification on authorized mobile devices with information about a login attempt, including what device it's coming from.
Pinterest enables two-factor authentication for all users
It seems as though online security is at the top of everyone's priority list these days, and now Pinterest is stepping up to the plate. The social network is introducing a slate of new features aimed at protecting users' accounts.
LastPass will store two-factor codes alongside your passwords
Keeping track of a list of secure passwords across your myriad accounts and services is a nightmare, but it's necessary for the future we live in. LastPass, the password management app, wants to make it a little more convenient on mobile. With the latest update to its authenticator application, two-factor authentication codes will now be stored in your password locker along with everything else.
Instagram will start blurring 'sensitive' photos in your feed
In recent months, Instagram has taken some long-overdue steps to reduce abuse on its platform and generally make the experience better and safer for all users. Today, the company has announced another change in line with those goals. When you're browsing pictures or a user profile, you might start seeing a filter over images marked as "sensitive." Instagram says that these images are ones that other users have reported but don't technically violate the service's guidelines.
A security expert's guide for digital domestic violence victims
Domestic abuse takes many forms. And given the future we live in, it probably shouldn't come as a surprise that your digital life is another venue for intimidation. If you find yourself in such a situation where your phone is being used against you, Hack*Blossom has put together a guide for how to protect yourself from location stalking and text abuse, among other scenarios.
WhatsApp offers two-step verification to everyone
What was once in beta is now available to everyone. WhatsApp is rolling out two-step verification, an additional layer of security, to all of its users on iOS, Android and Windows. It's an optional feature which you can set up by heading to Settings, followed by Account and Two-step Verification inside the app. You'll need to create a six-digit passcode, which will then be required every time you try to register your phone number with WhatsApp (for instance, when setting up your account on a new smartphone).
Facebook offers extra security with USB key support
None of us want strangers accessing our accounts online. You might use a password manager, or two-factor authentication via SMS, but there's another way you can stay protected -- physical security keys. Following Google, Dropbox and others, Facebook has added support for these privacy-centric dongles today. When you log into your account, that means you can choose to prove your identity with a special USB stick (that supports the open Universal 2nd Factor (U2F) standard), rather than a code sent to your phone. Yes, it's another object to keep on your keychain, but in return, you'll be getting a superior level of protection.
Whatsapp starts rolling out two-factor authentication
Whatsapp is one of the biggest messaging services out there, so it's a little surprising that it hasn't supported two-factor authentication. That is, until now -- as noted by Android Police, people using the beta version of Whatsapp are starting to see the option to turn on this extra security measure.
