Articles about 2fa

Android figurine (silver) hangs off building at Mountain View HQ. Photo by Nick Fox, Shutterstock.com</a>

Academics claim Google Android two-factor authentication is breakable

Computer security researchers warn security shortcomings in Android/Playstore undermine the security offered by all SMS-based two-factor authentication (2FA). The issue - first reported to Google more than a year ago - revolves around an alleged security weakness rather than a straightforward software vulnerability. The …
John Leyden, 8 Apr 2016

Instagram rolls out two factor authentication

Hipsters and selfie-lovers will enjoy extra security after Instagram added two-factor authentication to its service. The security measure is becoming a de facto standard for protecting user accounts by requiring a code generated on a second device to be entered alongside passwords. Instragram will send a code to user's mobile …
Team Register, 18 Feb 2016

Got a time machine? Good, you can brute-force 2FA

Time-based two-factor authentication tokens, and plug-ins that use them, are only as good as your time signal, and in the right (wrong) circumstances, they can be brute-forced. Security researcher Gabor Szathmari says the problem is that if your 2FA tokens depend on the network time protocol (NTP), it's too easy for a sysadmin …

Boffins nail 2FA with 'ambient sound' login for the lazy

Internet users who think two taps on a smartphone is two taps too much may soon be able to use seamless second factor authentication that verifies a person is in possession of their phone by matching ambient noise sound prints. Researchers Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun of the …
Darren Pauli, 17 Aug 2015

Snapchat slings SMS two-factor authentication

Snapchat has deployed two factor authentication as part of its push to increase security across the popular selfie slinging app. The sexting swap shop allows users to set up SMS log-in verification that makes en-masse account hijacking more difficult, and better protects Snapchat's Snapcash money transfer system. The …
Darren Pauli, 15 Jun 2015
Manneken pis wears football kit. Source: James Cridland, Flickr

Tesla Twitter account and website hijacked, Elon Musk pwned

The website and Twitter account of carmaker Tesla were hacked over the weekend, as part of what looks like a prank between rival hackers. Elon Musk’s personal Twitter account was also hijacked on Saturday night (US time) by miscreants who at one point claimed to be from the infamous Lizard Squad hacking crew. The name …
John Leyden, 27 Apr 2015
Wolves

Big Blue securo-bods warn of dire Dyre Wolf AMONG WOLVES

Infosec experts have spotted a nasty variant of a banking malware – dubbed Dyre Wolf – which involves a sophisticated two-factor authentication workaround that has apparently led to the theft of more than $1m from the biz world. Wrongdoers have demonstrated what IBM Security described as "a brazen twist from the once-simple …
Kelly Fiveash, 4 Apr 2015
Logging onto Windows 10 with a mobile for 2-factor authentication

Yahoo! wheels! out! password! on-demand! service! for! simpletons!

Yahoo! is trialling a service that removes the need to remember your passwords, providing users aren't so absent-minded they don't also lose or mislay their mobile phones. The on-demand password service allows registered users to get a short password sent to their phone. On-demand passwords is an opt-in service, initially only …
John Leyden, 16 Mar 2015

Authy 2FA app popped by simple, secret, code

Attackers could bypass the Authy two factor authentication (2FA) system by typing a phrase in a token field. Authy's apps make it possible for punters to log in to services like Gmail, Dropbox and Facebook, or even Amazon Web Services, with a one-time password sourced from an app. But prior to the advent of a patch issued 8 …
Darren Pauli, 16 Mar 2015

Hey, NUDE CELEBS! Apple adds SWEET 2FA to iMessage, Facetime

Apple has activated a two-factor authentication (2FA) system for Facetime and iMessage, extending the service to beyond iCloud accounts in a move that it hopes will help secure its communications platforms. The feature has become effective immediately, meaning any attempt to activate the services on a new device would first …
Team Register, 13 Feb 2015

CommBank app leaks 2FA tokens says Sydney dev

Sydney programmer Stuart Ryan has chipped Australia's dominant retail bank, the Commonwealth Bank, for allowing two factor authentication codes to be viewable on locked iPhones. The bank sends authentication tokens over push notifications on iOS devices, rather than SMS for users who had activated the second factor account log …
Darren Pauli, 12 Feb 2015
JP Morgan HQ at Canary Wharf

JPMorgan Chase mega-hack was a simple two-factor auth fail

Hackers broke into JPMorgan's network through a giant security hole left open by a failure to switch on two-factor authentication on an overlooked server. The New York Times reports that technicians at JPM had failed to upgrade one of its network servers, meaning that access was possible without knowing a combination of a …
John Leyden, 23 Dec 2014

Lucky you. Twitter offers you its 'Digits' (for mobe app sign-ins)

Twitter's launch of a service that provides a new way to sign up to apps without using passwords has received a cautious welcome from security experts. The new service, Digits, is designed to offer application developers a simpler, password-free login option for their mobile applications. The utility is designed to fit into …
John Leyden, 24 Oct 2014
iPad Psycho image

NUDE SELFIE CLOUD PERV menace: Apple 2FA? Sweet FA, more like

Apple’s two-factor authentication doesn't actually protect iCloud backups or photo streams, contrary to what many iPhone and iPad fondlers might wish to believe. Scores of (mostly female) celebrities, including Oscar winner Jennifer Lawrence, had their iCloud hacked before miscreants siphoned off private nude snaps which …
John Leyden, 3 Sep 2014
The Register breaking news

Apple's two-factor security isn't as good as Microsoft or Google's, say experts

Apple's two-factor authentication system does not protect users' private files backed up to the iCloud, it is claimed. Fanbois have been able to secure their Apple accounts with a two-step login process since March: these accounts are important because they are used to bung or retrieve backups into and out of Cupertino's …
John Leyden, 31 May 2013
The Register breaking news

Google squishes login-bypass bug that opened door to hijackers

Google has patched a flaw that allowed attackers to circumvent the web giant's two-factor login system and hijack victims' accounts. Researchers at Duo Security said anyone could bypass a Google account's two-step verification system, reset its master password and gain full control of the profile simply by capturing one of the …
John Leyden, 27 Feb 2013
The Register breaking news

Brit firm PinPlus flogs another password 'n' PIN killer

The inventor who co-founded visual PIN company GrIDsure has become involved with another pattern-based authentication start-up in the hopes that the shoulder-surfer proof technology could replace two-factor authentication. His new company, PinPlus, does away with passwords and PINs by combining a method for securely delivering …
John Leyden, 27 Feb 2013

Create a news alert about 2fa, or find more stories about 2fa.

Biting the hand that feeds IT © 1998–2018