googleauthenticator
Latest
Instagram's app-based two-factor authentication is available now
Now might be a good time to add an extra layer of security to your Instagram account. As previewed in August, Instagram has switched on two-factor authentication using apps like Google Authenticator and Duo Mobile, promising a more secure sign-in process than receiving a text message (an option since 2016). You can enable it by visiting the Privacy and Security section of the mobile app's settings, choosing Two-Factor Authentication, and then toggling the Authentication App option. Instagram can scan for compatible authenticators on your phone or invite you to download one.
Facebook won't require a phone number for two-factor authentication
One good thing to come from Facebook's government scrutiny is that the social network makes an advancement in security, it's very loud about the fact. Today Facebook announced that protecting your account via two-factor authentication is getting easier. In a blog post, Scott Dickens of the social network's security team said that now you can use Google Authenticator and Duo Security to prevent unauthorized logins. You'll still be able to use your phone number for code delivery, of course, it's just that now you have a few more options beyond that. If you're traveling abroad and forget to write down any recovery codes in advance, this should make life a little less stressful.
Google Authenticator takes security codes from your smartwatch
It can be annoying to set up two-factor authentication and boost the security of your accounts, but Google may have found a way to ease your pain. It's delivering an update to Authenticator for Android that not only touts a "refreshed" design, but receives codes from Android Wear smartwatches. You're no longer stuck using this solely on your phone. To top things off, Google is rolling in early support (sadly, developer-only) for the FIDO Alliance's NFC Security keys -- in the future, you may only need to tap devices together to sign in. If you can't bear the thought of logging in with a regular password, you'll want to grab this upgrade in short order.
Google releases, then pulls Authenticator app version 2.0
Google released version 2.0 of its Authenticator app earlier today, only to pull it from the App Store as users complain that it erased existing stored data and connected accounts. Within hours of the app's release, reviewers reported that it had erased tokens on the iPhones for apps like Dropbox, GoogleApps, Dreamhost, Twilio and Evernote. In some instances, those users found themselves locked out of their apps until they contacted support for each one. Two-step authentication is becoming the standard for password security, and we're sure Google is working on a fix now. When it's back in the store, we'll let you know.
Evernote introduces two-step verification, other security enhancements
Evernote's motto is "remember everything," which means that you might put everything onto the cloud service -- work notebooks, pictures of food, business cards, you name it. One problem with placing all of that personal and work-related information in the cloud is that it makes it a target for identity thieves. Today, Evernote announced three new security-related features to protect your information from prying eyes. The first is two-step verification, which according to Evernote will happen only when you log into Evernote Web or install Evernote on a new device and is only available at this time to Evernote Premium and Business users. Eventually, the company plans to roll out two-step verification to all users. As with other two-step verification methods used by Apple, Google and Dropbox, you combine your password (something you know) with something you have -- a device or browser into which a random six-digit code is entered. That code can either be sent as a text message to your device, or users can fire up Google's Authenticator app to generate the code for them. Evernote emphasizes that two-step verification is optional, and warns users that if they lose access to the secondary access method they can "run the risk of permanently locking yourself out of your account." The other enhancements, which are available to all users of Evernote, include Authorized Applications and Access History. If you lose a computer or device, you can revoke access rights to Evernote from that device using the Evernote Web Account Settings. That app or device will request a password from a user the next time it is launched. Likewise, Access History provides a way to see every time your account was accessed -- including location and IP address -- for the last 30 days. If all of your work is done from a home office in Colorado and you suddenly see that your info is being accessed from Shenzen, China, it's time to change passwords and set up two-step verification (if it's not too late). Evernote spokesperson Ronda Scott noted that "Implementing two-step verification was not trivial. It required updates to all of our applications including Evernote, Skitch, Penultimate, Evernote Food and others and significant back-end work. We've always intended to add two-step as an option to those who wanted it. Back in March we said this was coming and we're rolling it out starting today."
