Two-factorAuthentication
Latest
LastPass app takes the pain out of two-factor sign-ins
Many will tell you that it's wise to use two-factor authentication to lock down your internet accounts. Actually using it, however, is another story -- there's only so many times you can enter passcodes from your phone before you tear your hair out. LastPass thinks it has a better way. It's launching a LastPass Authenticator app for Android, iOS and Windows Phone that softens the blow when you have many accounts. Instead of entering a passcode to get into LastPass, you can have Authenticator send a simple verify button to sign in with one tap.
Google Authenticator takes security codes from your smartwatch
It can be annoying to set up two-factor authentication and boost the security of your accounts, but Google may have found a way to ease your pain. It's delivering an update to Authenticator for Android that not only touts a "refreshed" design, but receives codes from Android Wear smartwatches. You're no longer stuck using this solely on your phone. To top things off, Google is rolling in early support (sadly, developer-only) for the FIDO Alliance's NFC Security keys -- in the future, you may only need to tap devices together to sign in. If you can't bear the thought of logging in with a regular password, you'll want to grab this upgrade in short order.
It's time to secure your Amazon account with two-factor authentication
Relying solely on passwords to secure important accounts may be outdated, but until they're gone for good your best alternative is locking things down with two-factor authentication: Amazon. Considering you probably already have a credit card or other payment info stored there, it just makes sense to add an extra layer of security that makes sure it's really you logging in. The only problem? Until recently Amazon didn't have any option to support the feature, but now it does. I noticed the new option while updating my password last night (also a good security idea), and it was only enabled for the general public very recently.
Lock down your Dropbox account with a USB security key
If you're so concerned about the security of your Dropbox account that even two-factor authentication through your phone seems too risky, you can rest easy. The cloud storage outfit has added support for USB keys as part of the two-factor sign-in process. Rather than punch in a code, you just plug in a stick to prove that it's really you. You'll need a key that meets FIDO's Universal 2nd Factor standard, but this key will also work with Google and any other U2F-capable service. Frankly, this is a long-due upgrade -- if you regularly access Dropbox from PCs, you won't have to worry quite so much that someone will get your login details and swipe your files.
Twitter's new dashboard simplifies your account security
Twitter unveiled a new data dashboard for users on Wednesday. Its aim: to make managing privacy and security settings across all your devices much easier. The controls, which are accessible at Twitter.com under the main Settings menu, will allow you to manage account access, edit the list of blocked users and see what data is being shared with third-party apps. That way if you notice that your account is being accessed by a device in a city you've never been to, you can quickly change the password. Or, better yet, you can enable two-factor authentication from the same screen. [Image Credit: Bloomberg via Getty Images]
IFTTT's automation app can watch your Android phone's battery
Thanks to a slew of updates, IFTTT's automation apps just became decidedly more useful -- especially if you're religious about your smartphone's battery. If for Android now includes a battery channel, so you can tell your phone to perform certain duties depending on your charge state. You can have the app mute your phone as soon as you plug it in, for instance. Also, the existing device channel now works with Bluetooth, music, navigation and WiFi, so you can turn off wireless features when your power is low or get directions to your favorite fishing spot every weekend.
Apple's two-factor authentication still leaves some of your data exposed
Apple took a big step forward when it expanded the scope of its two-step authentication last year, since it's now relatively hard to peek at someone's sensitive content unless you also have their device. However, this extra security measure still isn't the all-encompassing safety net you might expect it to be. Need proof? Just ask Dani Grant: she recently gave a friendly reminder that two-factor doesn't even enter the picture with a number of Apple's services. You only need an Apple ID's email address and password to get into FaceTime, iMessage, iTunes and the company's website. You'll need verification if you change account details, sign in to iCloud or try to buy an app, but that basic login is enough to see people's contact information, view their app download history or impersonate them on iMessage. You don't always get email alerts (they typically appear when signing into FaceTime, iCloud or iMessage for the first time on a new device), so it's possible for someone to misuse your account without your knowledge.
Tech industry completes its standards for banishing passwords
Hate typing passwords? You might not have to enter them for much longer. The FIDO Alliance (backed by Google, Microsoft, PayPal and Samsung, among others) has just published the completed versions of its password-free standards for both regular and two-factor authentication. Apps and websites using the technology can now rely on a number of easier and typically more secure ways to sign you in, such as fingerprint readers and USB dongles, without having to worry about the exact device you're using. There are already some hardware and software solutions that play nicely with FIDO, but the existence of firm specs should significantly boost your choices in 2015.
Windows 10 has new ways to protect you against internet data breaches
There are plenty of online services that use two-factor authentication to reduce the chances of someone hijacking your account after a data breach, but what about the operating system on your PC or phone? You'll get that safeguard if you use Windows 10, according to a Microsoft security brief. The new OS will optionally treat a device (including something nearby, like your phone) as one authentication factor when signing into a local or internet account, and a PIN code or biometric reader as the second. If hackers find your login data sitting on a server, they won't get to use it unless they also have your gear -- and in some cases, they may need a fake fingerprint as well.
Apple enables unique passwords for apps that tap into iCloud
Do you use third-party apps like Outlook that access Apple's iCloud but don't support two-factor authentication? You'll now be forced to enter a specific password for each one. Following a notorious celebrity hack, Apple updated iCloud with an extra security layer used to protect accounts by sending a four-digit code to your personal device. However, many third-party calendar, contact and email apps that access iCloud don't support two-factor, and could therefore expose your iCloud password -- and all your personal data -- to hackers. Apple said that if you're signed in to one of those apps when the change goes through today, you'll be signed out and forced to generate and enter a new password. To see how, check after the break or click here for more.
Apple iCloud backups are finally protected by two-factor authentication (update)
Need another reason to activate two-factor authentication on your Apple device? Ars Technica and Apple Insider report that the security check now extends to cover iCloud device backups too, something it didn't do before. That means if someone gets your password, or is able to reset it, they could pull down the data with a tool like Elcomsoft Phone Password Breaker and have access to anything stored there -- it's thought that many of the stolen personal photographs of celebrities recently posted online were obtained by this method. With two-factor authentication, they'd need access to your trusted device to generate a four digit code to get in. Another security tweak Apple just turned on is a notification that lets users know when their account has been accessed, to make sure it's for legit reasons. Before your new iPhone and Watch show up to handle your selfies, payments and anything else better kept private -- hit Apple's website and turn the extra level of security on. Update: Tonight Apple sent out an email to Apple ID accounts detailing the change. It also mentions that beginning October 1st, app-specific passwords will be necessary for third-party apps that don't support two-factor (like Outlook or Thunderbird) to access iCloud. If you have an account it should be in your inbox, or you can check out the text after the break.
Tumblr gets two-step verification, makes your GIFs more secure
If you've scrolled through Tumblr lately and thought to yourself, "Hey, this could use some added security," the blogging platform has your back. Today the outfit announced that it's adding two-step authentication as a means of keeping your account safe. Authentication codes are sent either via a text message or an app like Google's Authenticator, and work akin to basically every other service that uses them: simply input the code with the rest of your login credentials and you should be good to go. Tumblr says that the verification process won't interfere with using the mobile apps, but you'll need to create a one-time password via your account settings page in order to sign in on your device. From the sounds of it, this shouldn't take any longer than finding your next favorite Emma Stone GIF might.
Microsoft accounts now let you flag suspicious activity before it's a problem
Internet account security is frequently a black box; you may not know that something's wrong until there's a notification email or a credit card bill. If you use a Microsoft account, though, you now have some preventative tools. A new security upgrade lets account holders see a history of recent sign-in attempts and settings changes. They can warn Microsoft if there's something amiss, such as foreign access or unexpected password resets. The refresh also provides more control over where notifications go, and fans of two-factor authentication can create recovery codes so that they're never completely locked out. Redmond's security improvements won't stop hackers by themselves, but the company will use account warnings to refine its protection -- any attempts to crack your account could help others avoid the same fate.
Google Authenticator for iOS returns, lost entries are back but may cause dupes
Just a few days ago Google released a 2.0 version of its Authenticator app for iOS, but a bug made user's entries not show up and the company yanked it. Now v2.0.1 is back in the App Store, and it contains a fix for any two factor authentication users that downloaded the busted version. Based on the release notes, your old keys weren't cleared by the update, but they just weren't displaying. We tried it out on our iOS device that was blank after 2.0 and it worked as advertised, all accounts show up again. Although it's safe to upgrade there is one more issue: anyone who created replacement accounts already will have duplicates. To avoid that, your best bet is to rename any new entries before updating -- staying secure is fun and easy, isn't it?
Google Authenticator for iOS updated, requires a fresh setup afterwards (updated)
Two factor authentication is becoming an increasingly common part of keeping one's accounts secure online, and Google has just updated its Authenticator app for iOS. Outwardly, version 2.0 brings a new look that matches the style recently seen in other Google apps like Google+, YouTube and Gmail. The app is also retina display and iPhone 5 ready now, however there's still no native support for the iPad. It still functions the same way, cranking out a login code for users to access their accounts on demand, however there's one quirk you'll want to be aware of before pressing the update button. As Steve Streza points out on Twitter (and we experienced ourselves), the new version clears your account details and will need to be paired again before it works. It shouldn't be too much of a hassle (you did tie your account to a good backup phone number, right?) to get things set up again, but since it's not mentioned in the changelog consider this a friendly heads-up. Update: Just so we're all caught up, Google is aware of the issue and working on a fix. Just as important, it's pulled the update from the App Store while it works out the kinks to ensure no one else loses their precious Authenticator tokens... even if just temporarily. Update 2: A Google spokesperson has just provided us with the following quote: "We're aware of this issue and are working to release an updated version as soon as possible." Not much new beyond what we could already deduce ourselves, but there you have it. Update 3: Google has now posted an entire Support section regarding the matter.
This week on gdgt: the new Nexus 7, the Leap, and two-step authentication
Each week, our friends at gdgt go through the latest gadgets and score them to help you decide which ones to buy. Here are some of their most recent picks. Want more? Visit gdgt anytime to catch up on the latest, and subscribe to gdgt's newsletter to get a weekly roundup in your inbox.
LinkedIn adds two-factor authentication through SMS
Who knew that tighter security was all the rage these days? Following Dropbox, Google and virtually everyone else, LinkedIn has joined the trendy (if smart) ranks of those offering two-factor authentication as an option. Switch it on and you'll have to enter a verification code delivered by SMS before you can log in with a device that LinkedIn doesn't recognize. That's all there is to the process, really, but it may be enough to prevent ne'er-do-wells from messing with your CV.
Evernote two-step verification now available for Premium and Business users
Three months after a major database hack, Evernote has finally made good on its promise to implement two-factor authentication as an additional precautionary measure. Following the footsteps of other security-conscious companies, the technique requires not just your username and password, but also a six-digit code provided either via text message or an app like Google Authenticator. Further, you can print out a list of backup codes in case you don't have your phone handy. Premium and Business users will be the first to get this functionality -- they'll be treated as a test group for feedback. Once the system is optimized for a wider audience, it'll be offered to all users. Other apps in the Evernote clan, including Skitch, Penultimate and Evernote Food will need to be updated and certain third-party apps might need to be given their own dedicated passwords as well. Aside from the double-step verification, Evernote has also introduced the ability to view your account's access history and a list of authorized applications; you can revoke any device from your account settings if necessary. All of these added layers of security are totally optional, of course, but you might want to set yourself a reminder to check them out.
Two-step verification starts rolling out for Microsoft accounts
Everyone else is doing it, so why not Microsoft, right? The company has been accused of playing the "me too" game in the past, but we're not going to complain when the the end result is better security. As we learned from a leak last week, Redmond will begin enabling two-step verification for Microsoft accounts. The switch will get flipped for everyone over the next few days and, with email, Xbox Live and Skype (just to name a few) associated with the service formerly known as Live, it's never been more important to keep it locked down. (Especially when others are learning this lesson the hard way.) The two-factor gateway is purely opt-in, except where it's already been required: editing credit card information and accessing SkyDrive from a new computer. There's even a dedicated authenticator app for Windows Phone 8, which works whether or not you've got an internet connection. There's loads more detail at the source and you can check to see if the feature has been turned on for your account at the more coverage link. And if you can, we strongly suggest you turn it on. Like, now.
Apple adds two-factor authentication to your Apple ID
Apple is beefing up the security of its Apple ID by adding two-factor authentication to the account login process. Customers concerned about unauthorized access to their Apple ID can login to their account at Apple's My Apple ID webpage and turn on the feature as described below: Go to My Apple ID (appleid.apple.com) Click the "Manage your Apple ID" button to login to your Apple ID Enter your Apple ID and password and click "Sign In" Select "Password and Security" in the left-hand column Type in the answers to your account security questions if you are prompted to answer them. You will see Two-Step Verification at the top of the page. Click on "Get Started" and follow the on-screen instructions. If you have two-factor verification enabled, you will be required to enter both your password and a 4-digit code to verify your identity. According to Apple's support page, you will need this information whenever you sign in to My Apple ID to manage your account, make an iTunes / App Store / iBookstore purchase from a new device or get Apple ID-related support from Apple. You can read more about the security feature on Apple's support website, and check out Glenn Fleishman's thorough pros and cons rundown on TidBITS.
