Two-stepVerification
Latest
Apple testing two-step verification on iCloud site, apps
Update 9/2/2104: It looks like this test never made it to full release, as iCloud users are still not prompted to authenticate with 2FA when logging into iCloud.com. With all the security risks populating the world, two-step verification is the strong standard to have for information safety. Apple brought the process to your Apple ID last year, now iCloud and its associated apps are getting it as well. With a two-step verification users must enter a code that is sent to their device after you enter your password. This current wave of two-step verification hasn't hit all users just yet -- as noticed by the folks at AppleInsider this morning, some users aren't seeing the prompt when they login to their iCloud accounts. You'll be able to tell if the two-step verification has been activated on your iCloud account the moment you login, as your web apps will all be greyed-out with a lock over them. Once the verification process is completed all of the apps will be accessible. There's one exception to the greyed-out apps; Find My Phone. Given that it's possible you may have lost the trusted device Apple would be sending your verification code to, that was a wise move on Apple's part. If you login to iCloud today and nothing has changed, don't worry. You can expect to see the added layer of security hitting your setup sometime in the near future.
Evernote introduces two-step verification for all
Evernote has offered two-step verification for Premium and Business users since May of 2013, leaving us cheap, every-day users with standard verification. The company promised to bring two-step verification to all of its users, and now that's what it's done. Free users will need to download Google Authenticator to generate a login code. Once you've enable the service simply impute the code and your login information. Back in May, Evernote spokesperson Ronda Scott explained the process the company was going through to provide verification. "Implementing two-step verification was not trivial. It required updates to all of our applications including Evernote, Skitch, Penultimate, Evernote Food and others and significant back-end work. We've always intended to add two-step as an option to those who wanted it. Back in March we said this was coming and we're rolling it out starting today."
Evernote two-step verification now available to all
Evernote's been rolling out two-step verification over the course of some months now, making the feature available to its Premium and Business users way back in late-May, a few months after having its database hacked. Now the company's ready to offer the added security up to the rest of us, making logging in even safer with the use of phone codes. You can implement two-step verification now by heading over to Evernote, and if you're a free user, you'll also need to install an authenticator app like Google Authenticator. In the meantime, more info can be had in the source link below.
Google's updated security roadmap details increased friction, reliance on hardware
A lot has changed in the security realm since 2008 -- remember Alicia Keys' recent attempt to convince us her Twitter account was hacked, when we all know she still uses an iPhone even as BlackBerry's Creative Director? Pranks aside, the consumer world alone has been overrun with mass data hackings -- everyone from Evernote to Microsoft to Sony to RSA has felt the wrath. To combat all of this, Google is revamping its five-year security plan, which calls for a complex authentication code replacing the conventional password in due time; in other words, Google is going to make it harder to access your accounts when initially setting up a device, but hopes you'll deal. Eric Sachs, group product manager for identity at Google, put it as such: "We will change sign-in to a once-per-device action and make it higher friction, not lower friction, for all users. We don't mind making it painful for users to sign into their device if they only have to do it once." The documents also suggest that two-step verification may soon become less of an option, and more of a mandate. Sachs straight-up confesses that Google didn't predict the current level of smartphone adoption back in 2008, but now realizes that utilizing mobile hardware and apps as friction points for logging in makes a lot more sense. A huge swath of Google users are already carrying around a product that could be used as a verification token, so the obvious solution is to make use of that. We're also told that learnings from Android will be carried over to Chrome, and further into the world of web apps. No specific ETAs are given, but trust us -- half a decade goes by quickly when you're having fun.
