two-step authentication
Latest
Google is turning on two-factor authentication by default
You'll only need to tap a prompt to confirm your identity.
Arlo will require two-step sign-ins for its smart home devices
Arlo is following the leads of Nest and Ring in requiring tighter security for its smart home devices. It's warning customers that it'll require two-factor authentication for accounts by the end of 2020. As it explained in a support guide, you'll have to either respond to a push notification or a less secure text message whenever you sign in with a new device. Email security codes will be available as an "automatic back-up option."
Your Android phone can sign you into Google on iOS devices
Who said that Apple- and Google-powered devices can't work in harmony? Not Google. It's taking advantage of its recently added security key functionality to use your Android phone as verification for Google sign-ins on iOS devices. If you have Google's Smart Lock app installed on your iPad or iPhone and have 2-Step Verification enabled on your account, you can hold the volume down button on your Android hardware (when prompted) to greenlight the login on the other platform.
Google users can sign into Firefox and Edge with a security key
Until now, you've had to use Chrome to sign into your Google account with a security key. You won't have to be quite so choosy going forward, though. Google has transitioned to using the new Web Authentication standard for hardware-based sign-ins, making your key useful in Firefox, Edge and other browsers that rely on the format. That could be particularly helpful if you want to check your Gmail on an unfamiliar PC and would rather not install Chrome or punch in a password.
Google streamlines two-step verification with security keys
Google just made it easier to lock down your account if you're a G Suite user. The internet giant is trotting out a series of updates for two-step verification, starting with the interface itself. You'll see new instructions text and images to walk you through the process of setting up a security key, and the flow for that process now changes depending on the browser you're using. You'll get an experience unique to Chrome or Safari, for instance.
Perfect Ten: Mobile apps to enhance your MMO lifestyle
We're living in the age of smart phones, when there are more cell phones than there are people on this planet. I can't go anywhere without seeing people constantly whipping out their little rectangular companions for the constant stream of information, social connection, and Candy Crush interludes. While MMOs aren't making great headway on these devices, in part due to the limited input scheme, several wise studios have made good use of the mobile market to give players a way to keep in touch with their games even while AFK. Today we're going to count down, count up, and count sideways 10 official mobile apps that will enhance your MMO lifestyle.
Apple: Celebrity photo breach not due to iCloud or Find my iPhone issues
Apple has just released a press statement updating its investigation into the weekend breach of celebrity photos. As noted in the press release, the company says that none of the cases investigated were the result of any breach of Apple's systems including iCloud and Find my iPhone. Apple believes that it was a "very targeted attack on user names, passwords and security questions" that caused the breach -- essentially saying that it's most likely a social engineering attack that made the photos vulnerable to being exposed to the public. Apple reiterates that using a strong password and two-step verification can help protect against this type of attack. Show full PR text Apple Media Advisory Update to Celebrity Photo Investigation We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved. To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
Secure both your WildStar account and cool bonuses with Google Authenticator
WildStar players making plans to jump into this weekend's headstart now have one more thing on their preparation list: to connect their accounts with Google Authenticator. Carbine Studios is offering several goodies for players that make their account extra-secure with Google's two-step authentication. These bonuses include a cybernetic eyepatch, an in-game title, and a 2% bonus to XP, renown, and prestige. You'll need to download the Google Authenticator app and connect it to your NCsoft account to secure these bonuses. WildStar Report has the step-by-step directions for those interested.
This week on gdgt: the new Nexus 7, the Leap, and two-step authentication
Each week, our friends at gdgt go through the latest gadgets and score them to help you decide which ones to buy. Here are some of their most recent picks. Want more? Visit gdgt anytime to catch up on the latest, and subscribe to gdgt's newsletter to get a weekly roundup in your inbox.
Evernote introduces two-step verification, other security enhancements
Evernote's motto is "remember everything," which means that you might put everything onto the cloud service -- work notebooks, pictures of food, business cards, you name it. One problem with placing all of that personal and work-related information in the cloud is that it makes it a target for identity thieves. Today, Evernote announced three new security-related features to protect your information from prying eyes. The first is two-step verification, which according to Evernote will happen only when you log into Evernote Web or install Evernote on a new device and is only available at this time to Evernote Premium and Business users. Eventually, the company plans to roll out two-step verification to all users. As with other two-step verification methods used by Apple, Google and Dropbox, you combine your password (something you know) with something you have -- a device or browser into which a random six-digit code is entered. That code can either be sent as a text message to your device, or users can fire up Google's Authenticator app to generate the code for them. Evernote emphasizes that two-step verification is optional, and warns users that if they lose access to the secondary access method they can "run the risk of permanently locking yourself out of your account." The other enhancements, which are available to all users of Evernote, include Authorized Applications and Access History. If you lose a computer or device, you can revoke access rights to Evernote from that device using the Evernote Web Account Settings. That app or device will request a password from a user the next time it is launched. Likewise, Access History provides a way to see every time your account was accessed -- including location and IP address -- for the last 30 days. If all of your work is done from a home office in Colorado and you suddenly see that your info is being accessed from Shenzen, China, it's time to change passwords and set up two-step verification (if it's not too late). Evernote spokesperson Ronda Scott noted that "Implementing two-step verification was not trivial. It required updates to all of our applications including Evernote, Skitch, Penultimate, Evernote Food and others and significant back-end work. We've always intended to add two-step as an option to those who wanted it. Back in March we said this was coming and we're rolling it out starting today."
Apple's two-step ID now rolling out to a worldwide release
Apple recently introduced two-step verification for your Apple ID in certain countries, and the process is now being expanded to the rest of the world. The feature, which requires two different codes for verifying your Apple ID (if you want to be extra safe) was initially only available in the US, UK, Australia, Ireland and New Zealand. But Apple has now included Canada in on the feature, as well as users in Argentina, Pakistan, Mexico, the Netherlands, Russia, Austria, Brazil, Belgium and Portugal. In other words, two-step authentication is now rolling out to a more or less worldwide release. The authentication process is still optional -- if you don't think you need it, you can still stick with just your Apple ID password as a login. The process does help security, though it's still not a perfect solution. Apple only implemented this procedure earlier this year due to some security concerns on behalf of users. But it will help against some attacks, and it should work as another step to keep unwanted invaders out of your Apple ID account.
Microsoft leak details plans for two-step authentication process
Smoke goes up. Lights fade. The crowd roars. It's 2003, and the Dave Matthews Band is about to perform what would go on to become the theme song for security processes the world over a decade later. Weird visualizations aside, it sure seems as if two-step authentication has become all the rage these days. With Google implementing the process in 2011, both Apple and Dropbox have followed, and Evernote has made clear that it's going to join the fray as soon as feasible. Now, leaked imagery is demonstrating that Microsoft might not be far behind, with a two-step verification process evidently planned for its online services. As you'd expect, the process should work pretty simply once it's instituted -- you'll need to enable two-step on your account, and then use an app on your mobile device to retrieve randomized keys when logging into a computer that's not on your trusted device list. Notably, the process isn't expected to work with linked accounts, and while a Windows Phone app appears to already be floating about, there's no word on whether Android, BlackBerry or iOS users will receive the same courtesy. Till then, keep your passwords guarded. And, of course, watch the video embedded after the break.
Daily Update for March 22, 2013
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the inline player (requires Flash) or the non-Flash link below. To subscribe to the podcast for daily listening through iTunes, click here. No Flash? Click here to listen. Subscribe via RSS
Apple on the verge of rolling out two-step verification for iCloud, Apple ID
According to a report on 9to5 Mac, Apple has begun training support personnel in advance of rolling out two-step authentication for iCloud and Apple ID. This is a significant step towards enhanced security for Apple accounts as it requires both a trusted device and an extra security code in addition to a password. Other cloud providers currently providing two-step authentication include Dropbox and Google. Apple's relatively weak security for its online services came under the spotlight last year when tech writer Mat Honan suffered a hack attack that compromised his iCloud account. It appears that 9to5 Mac may have jumped the gun in terms of posting this information, as the My Apple ID website referenced heavily in their post displays placeholders instead of actual text and links (see image at the top of this post). The way the system will work is that whenever you log in to manage your Apple ID on My Apple ID or make a purchase via iTunes, the App Store or iBookstore from a new device, you'll be asked to enter your password and a four-digit verification code. Without entering both the password and verification code correctly, account access is denied. ' Apple will also provide a 14-digit Recovery Key that they recommend printing and keeping in a safe place. This allows Apple ID users to regain access to their accounts if they lose their devices or forget their password. One other good feature -- you'll no longer need to create or remember any security questions. Two-step verification will initially be available in the US, UK, Australia, New Zealand and Ireland, with additional countries added over time.
ArenaNet talks security in Guild Wars 2
Account security has been a hot topic in the world of Guild Wars 2 between the hubbub about the email verification system and the woes of hacked accounts. It's been such a hot topic that ArenaNet President Mike O'Brien wrote up a big ol' post about it. O'Brien began by reiterating one of the golden rules of account security: Use a strong and unique password for any account that you don't wish to have compromised. He pointed out that simply having a strong password does you almost no good if you've got the same password with the same email used for an account elsewhere -- if one such account is compromised, they all are. The same rule of having a unique password applies to the email account you use for authenticating your GW2 login attempts: the email authentication system can only protect you if your email is secure. Fans of two-factor authentication will be pleased to hear that Guild Wars 2 will have a two-step authentication system soon. "We had our own homegrown implementation of smartphone two-factor authenticator in testing, but we're going to pull it back and instead integrate Guild Wars 2 with Google Authenticator, which already has robust authenticator implementations on most major smartphone platforms. We expect to roll this out in the next two weeks." But that's not all! ArenaNet is also building a password blacklist (which is 20 million passwords long and growing) that blocks all passwords for which hackers are already scanning. According to O'Brien, "the rate of account hacking was about 1.5% for accounts created before this blacklist was in place, and is about 0.1% for accounts created after." This announcement comes with the request that existing customers change their password so that the blacklist protects them as well. Read O'Brien's full post on the GW2 news page.
Dropbox two-step login verification available in experimental build, coming to all accounts soon
Following up on its promise to tighten account security following a recent breach, Dropbox is now offering two-step login authentication to users who install the service's latest experimental desktop build. The team says the functionality will roll out to all users in the coming days, but listed full instructions to forum users who just can't wait. Those who op-in only need to download a new version of the Dropbox desktop software and activate the feature in their account settings. Once set up, Dropbox will require all unrecognized machines to provide a code, culled from an authenticator app or received via text message. The firm also provides an emergency back-up code that'll disable the feature should you lose your phone. Feeling insecure? Check out the source link below to get started. Update: Dropbox just made it official, detailing set up instructions once more on the Dropbox blog.
