WebProNews

Tag: two-factor authentication

  • Twitter Adds Support for Security Keys for 2FA

    Twitter has added support for security keys as a two-factor authentication (2FA) method.

    2FA is widely considered to be an important step in securing accounts and information. With 2FA enabled, a user does not gain immediate access to their account when they log in using their username and password. Instead, they are required to take an additional step, such as confirming the login via their phone or other device, providing a fingerprint or using a security key.

    A security key has some distinct advantages over other forms of 2FA, as Twitter highlights in their blog.

    “Security keys are small devices that act like keys to your house. Just as you need a physical key to unlock the door to your home, you need a security key to unlock access to your account. Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access your account. They use the FIDO and WebAuthn security standards to transfer the burden of protecting against phishing attempts from a human to a hardware device. Security keys can differentiate legitimate sites from malicious ones and block phishing attempts that SMS or verification codes would not.”

    For the time being, security keys will only work with Twitter.com, not the mobile apps. Nonetheless, the new feature is an important step in securing Twitter accounts.

  • Twitter Updates Two-Factor Authentication to Secure Accounts

    Twitter has updated its two-factor authentication, making it easier for users to secure accounts.

    Twitter has suffered a number of embarrassing security issues, including hackers who have targeted celebrity and high-profile accounts. Twitter’s latest security features and upgrade to two-factor authentication are designed to help shore up security.

    Once two-factor authentication is enabled, users will be able to use a temporary password to log in via their mobile devices or third-party applications.

    “After you enable two-factor authentication for your account via twitter.com, you’ll need to use a temporary password to log in to Twitter on other devices or applications that require you to enter your Twitter password; you will not be able to log in using your usual username and password combination. If we detect you will need a temporary password to log in, we will send one via SMS text message to your phone. Alternatively, you can generate your own temporary password.”

    While adding a layer of complexity, the new security features should go a long way toward protecting accounts.

  • Apple, Google Engineers Join Forces On SMS One-Time Passwords

    Apple has received help with SMS one-time passwords from an unexpected source: a Google engineer.

    The project in question is an effort to standardize the formatting of SMS messages that are used in two-factor authentication by applications, websites and more. As AppleInsider reports, “first proposed by Apple WebKit engineers and backed by Google in January, the initiative seeks to simplify the OTP SMS mechanism commonly used by websites, businesses and other entities to confirm login credentials as part of two-step authentication systems.”

    As the project’s GitHub page points out, “Many websites deliver one-time codes over SMS.

    “Without a standard format for such messages, programmatic extraction of codes from them has to rely on heuristics, which are often unreliable and error-prone. Additionally, without a mechanism for associating such codes with specific websites, users might be tricked into providing the code to malicious sites.”

    The GitHub page lists Theresa O’Connor of Apple and Sam Goto of Google as the authors. While the two companies directly compete with one another on many fronts, their largest point of competition is the smartphone market, where iOS and Android dominate. Apple and Google working together to standardize something that impacts all users, regardless of their smartphone of choice, is good for everyone involved.

  • Ring Making Major Changes To Improve Privacy

    After ongoing issues, Ring has informed users it is implementing a number of changes to improve privacy and security.

    Ring’s blog post comes as the company is trying to do damage control over a number of mishandled privacy issues. First there were multiple reports of the company’s cameras being hacked, followed by VICE investigating the service’s security and finding it wanting, to say the least. The worst revelation came when the Electronic Frontier Foundation (EFF) found that Ring was sharing personally identifiable data with a number of companies, without properly disclosing it to consumers. Ring’s response did nothing to help the situation, admitting they were sharing data with more companies than they said, but that customers should trust they were doing it responsibly.

    In the company’s blog post, Ring tries to address multiple concerns, beginning with two-factor authentication.

    “While we already offered two-factor authentication to customers, starting today we’re making a second layer of verification mandatory for all users when they log into their Ring accounts,” reads the blog post. “This added authentication helps prevent unauthorized users from gaining access to your Ring account, even if they have your username and password.”

    The company also addressed its data sharing policies.

    “Ring does not sell your personal information to anyone. We occasionally collaborate with third-party service providers that specialize in delivering different benefits, such as identifying and solving your problems faster when you contact Ring Community Support, providing you with personalized Ring offers and discounts, and communicating important alerts about your devices, like when your battery is low. Collaborating with these third-party service providers allows us to deliver the best possible Ring experience to you.”

    Ring says it is implementing a number of changes. First it is temporarily pausing most third-party analytics data sharing. Second, the company is also providing customers a way of opting out of third-party data sharing for personalized ads.

    Overall, this is a good first step for the company. If Ring had built its service with these steps already in place, they would not have spent the last couple of months losing customer trust and doing damage control.

  • Twitter Finally Launches Two-Step Verification

    After a series of high-profile hacks and calls from the user base, Twitter has finally unveiled their form of two-step verification.

    “Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web. Today we’re introducing a new security feature to better protect your Twitter account: login verification,” says Twitter.

    It works similarly to other two-step verification systems you may be familiar with (Google, for instance). Once you enable login verification, the next time you attempt to log in you’ll also need to enter a code that Twitter will send to your mobile device. So, it’s your password + mobile code. Two steps.

    All you have to do to enable it is visit your account settings page.

    Twitter says that existing applications you’ve enabled via Twitter login should be unaffected:

    “With login verification enabled, your existing applications will continue to work without disruption. If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application.”

    Of course, two-factor authentication won’t solve all of your security problems, and it’s not foolproof. But it’s a much-needed buffer between you and everyone out there eyeing your account with malicious intent.

  • Twitter Two-Step Verification Finally on the Horizon [REPORT]

    Following Tuesday’s hack of the AP’s Twitter account that temporarily tanked the stock market and showed just how powerful a false tweet can be, Twitter is looking to slowly roll out two-step verification to some users.

    According to Wired, Twitter has such a system currently undergoing internal testing, and they will soon begin to roll it out “incrementally.”

    Two-step verification, as you probably know, is really any approach to account authentication that involves two layers. Usually, this involves the typical password layer, beefed up by a mobile alert (usually an additional code sent to an account holder’s device). Plenty of companies with online log-ins like Google and Apple have already implemented some version of this security measure.

    Back in February, a job posting on Twitter’s employment site suggested that Twitter was getting more serious about two-step verification. The posting, for a software engineer specializing in product security, listed duties to “design and develop user-facing security features, such as multifactor authentication and fraudulent login detection.”

    Two-step verification isn’t a panacea for every product security issue, and it’s not going to prevent every hack. But it is a necessary blockade between your account and the bad guys who wish to use it for nefarious purposes. It’s about time that Twitter launched something like this, and there’s no better time than now – especially after the recent high-profile hacks.

  • Twitter May Be Getting More Serious About Two-Factor Authentication

    Is Twitter ramping up their efforts to implement two-factor authentication to make your accounts more secure?

    Two-factor authentication (2FA), generically, is any approach to authentication that has multiple layers. Around the web (like with Google for instance), it is usually applied with a combination of a password and mobile alert. When a new device/location attempts to log on to a Google account, not only is a password required but so is a secondary authentication code sent to a user’s mobile device.

    This way, an unauthorized user would not only have to obtain your password, but also your phone in order to access your account. It’s simply another layer of security, and one that companies like Google say “drastically reduces” the chances of a bad guy getting their hands on your personal info.

    The Guardian points to a job posting on Twitter’s employment site. The post is for a full-time software engineer in the specialized area of product security. Among the duties of said position is to “design and develop user-facing security features, such as multifactor authentication and fraudulent login detection.”

    As you may remember, Twitter made a pretty bad screw-up last November when they accidentally reset a bunch of passwords for accounts that hadn’t actually been compromised, following a hack that did see some accounts compromised.

    Like any online service, Twitter accounts are vulnerable to being compromised and used for nefarious purposes – whether that be malicious spam messages or simply hijacking tweets in order to expose or embarrass.

    In the past, Twitter has stated that they’ve “certainly explored two-factor authentication,” but to date the company has made no public declarations of intent. While this job posting is far from conclusive evidence that Twitter plans to implement 2FA, it does suggest that they are looking for personnel that could possibly draw up such a system.