Almost every significant data breach starts by compromising an end-point device. And the easiest way to do that is to steal some user credentials. It's why the theft of credentials from Yahoo!, Ashley Madison and other large companies are such a big deal. Many people use the same usernames and passwords on multiple sites. But what if your access to a site was governed by something other than a username and password? This is where the YubiKey fits in.
Tagged With 2FA
Earlier this week, Microsoft announced that they will be pushing forward with its vision for a password-less future. Anyone following the company's moves, and indeed those of a number of other companies, can see that the use of a username/password combination to prove identity has been on shaky ground for some time. The theft of large numbers of user credentials through a number of major breaches over the last five years has almost completely undermined the use of these credentials. But what's next?
While Facebook has faced massive scrutiny over the last year when it comes to privacy and security, their other major social network, Instagram, has managed to stay clear of the spotlight. Until now. Over the weekend, it was revealed that a new security flaw could have inadvertently exposed Instagram passwords to public view.
Just last week, Instagram confirmed reports that it's working on modifications to its two-factor authentication setup that will allow you to create passcodes in your favourite security app - like Google Authenticator, for example. While this isn't the sexiest of news, it's great to see this security practice growing in popularity: using an app, rather than a text message, to authenticate into other apps and services.
Until now, in order to use two-factor authentication (2FA) with your Facebook account you needed to give Facebook your phone number. Which seemed a little dumb as, in order to improve your privacy, you needed to give the largest data collection service in the world more data. But that's changed with a new 2FA system coming into play that lets you use third party authenticators.
Facebook recently added two-factor authentication (2FA) to their network, plugging a long-standing security issue. The new system works using several different options for the second authentication factor including a security code sent to you via SMS. But it turns out people got a lot more messages than they bargained for when they took this option. As a result, users started getting notifications over SMS that had nothing to do with security.
A long, long time ago, having a good password was all you needed to make sure your Gmail (or other online) account was secure. Now, if you don't have two-factor authentication, or 2FA, then you're missing out on a really simple way to protect yourself. Why, then, do less than 10 per cent of Gmail users have 2FA enabled? Great question.
One of the primary vehicles used by bad guys to access our systems is stealing log-in credentials in order to impersonate real users. All the security processes and tools in the world are circumvented when someone has your username and password. That's where two-factor authentication (2FA) comes into play. 2FA works by adding another authentication challenge to the equation. It's not just about what you know - your password, it's also about something you have. That's where the authenticator apps from Microsoft and Google come into play.
Two-factor authentication is often touted as a great tool for thwarting threat actors who steal or guess account credentials in order to break into systems. Microsoft Authenticator is a new app for iOS, Android and Windows Phone that ditches passwords for Windows log-ins with one-time passcode that are delivered to your smartphone.