Articles about 2fa


2FA? We've heard of it: White hats weirded out by lack of account security in enterprise

Few companies bother to secure employee accounts with simple protections like two-factor authentication (2FA) and lockouts, an analysis by security company Rapid7 has found. These were only the most glaring weaknesses that emerged from 268 real-world penetration tests carried out by its security staff since 2017 for the …
John E Dunn, 25 Jul 2018

Two-factor auth totally locks down Office 365? You may want to check all your services...

Hackers can potentially obtain access to Microsoft Office 365 emails and calendars even if multi-factor-authentication is in place, we were warned this week. Cybercrooks are able to force their way into corporate Office 365 accounts, bypassing single sign-on or multi-factor authentication, by targeting older systems that aren' …
John Leyden, 13 Jul 2018

Nostalgic social network 'Timehop' loses data from 21 million users

A service named “Timehop” that claims it is “reinventing reminiscing” – in part by linking posts from other social networks – probably wishes it could go back in time and reinvent its own security, because it has just confessed to losing data describing 21 million members and can’t guarantee that the perps didn’t slurp private …

MailChimp 'working' to stop hackers flinging malware-laced spam from accounts

Email newsletter distribution service MailChimp has promised to act on the abuse of accounts to send (frequently) malware-tainted spam. Security experts have been complaining with increasing frustration that the problem has been going on for months. MailChimp is widely used for sending newsletters, bulletins and in some cases …
John Leyden, 15 Mar 2018

Top tip: Don't bother with Facebook's two-factor SMS auth – unless you love phone spam

Forget fake news, Russian trolls and the gradual cruel destruction of journalism – now Facebook is taking heat for spamming a netizen's phone with text messages after he signed up for SMS-based two-factor authentication. Software engineer Gabriel Lewis said this week that after he activated the security measure with his …
Shaun Nichols, 15 Feb 2018

Who's using 2FA? Sweet FA. Less than 10% of Gmail users enable two-factor authentication

Usenix Enigma: It has been nearly seven years since Google introduced two-factor authentication for Gmail accounts, but virtually no one is using it. In a presentation at Usenix's Enigma 2018 security conference in California, Google software engineer Grzegorz Milka today revealed that, right now, less than 10 per cent of active Google …
Iain Thomson, 17 Jan 2018

How did someone hijack your Gmail? Phishing, keylogger or password reuse, we're guessing

Google has teamed up with computer scientists at the University of California, Berkeley, to find out how exactly hijackers take over its users' accounts. The eggheads peered into online black markets where people's login details are bought and sold to get an idea of the root cause of these account takeovers and the subsequent …
John Leyden, 10 Nov 2017

Your shoe, chewing gum, or ciggies are now your extra password

Computer researchers at Florida International University and Bloomberg have come up with an alternative to crypto baubles like YubiKeys for two-factor authentication. It's not that there's anything wrong with YubiKeys and similar login tokens, apart from the occasional security blunder. But they can be a potential faff for non …
Thomas Claburn, 25 Oct 2017

Google slides text message 2FA a little closer to the door

Text messages aren't a great way to implement two-factor authentication, but it's a technique that's stubbornly persistent. Now Google has decided to push things along by pushing its alternative into production. The Chocolate Factory's alternative is called "Google Prompt". Instead of sending users a one-time code in a text …

Brit intel fingers Iran for brute-force attacks on UK.gov email accounts

Iran has been blamed for the brute-force attack on UK Parliament earlier this year. An unpublished assessment by British intelligence obtained by The Times fingers Iran for the high-profile hack. The revelation comes as the US president has refused to continue signing off the 2015 Iran nuclear deal, to which the UK is a party …
John Leyden, 16 Oct 2017

Sensitive client emails, usernames, passwords exposed in Deloitte hack

Deloitte, one of the world's "big four" accountancy firms, has fallen victim to a cyberattack that exposed sensitive emails to hackers. The IT security breach dates back to November 2016 but was only discovered in March this year, according to The Guardian, which broke the news in an exclusive on Monday. Deloitte has …
John Leyden, 25 Sep 2017

Facebook users pwnd by phone with account recovery vulnerability

Facebook account recovery using pre-registered mobile numbers is poorly implemented and open to abuse, according to critic James Martindale. Martindale wrote an article on Medium, titled I kinda hacked a few Facebook accounts using a vulnerability they won't fix, highlighting his concerns in a bid to push the social network …
John Leyden, 17 Jul 2017

Two-factor FAIL: Chap gets pwned after 'AT&T falls for hacker tricks'

A software developer says a thief siphoned cash from his PayPal account – after a dumbass AT&T rep handed control of his cellphone account to a hacker, thus defeating his two-factor authentication. Justin Williams, an iOS code jockey based in Denver, Colorado, said someone was able to dupe an AT&T support tech into assigning …
Shaun Nichols, 10 Jul 2017

LastPass now supports 2FA auth, completely undermines 2FA auth

Password manager LastPass has added a new feature to its software: the ability to store two-factor authentication codes. This is great news. For hackers. Increasingly, people with sense use two-factor auth as a way of ensuring that it is much harder for miscreants to break into their accounts, and to detect if anyone is anyone …
Kieren McCarthy, 19 May 2017

eBay dumps users into insecure authentication mechanism

Web tat bazaar eBay appears to be suggesting its readers adopt known-to-be-insecure practices when logging on to the service. eBay has long offered customers the chance to get their hands on a hard token that generates one-time-passwords. But Krebs on Security reports that a reader received an email from eBay telling customers …
Simon Sharwood, 23 Mar 2017

Aah, all is well in the world. So peaceful, so– wait, where's the 2FA on IoT apps? Oh my gawd

Smart home poster child Nest has stolen a march on the rest of the smart-home industry by adding two-factor authentication to its systems. From Tuesday, owners of Nest products can tie a mobile phone to their account and so require that anyone trying to access their data has to enter a six-digit code sent by text to that …

Netflix US Twitter account hacked

Netflix's US Twitter account was briefly hijacked on Wednesday. The feed was taken over by a hacking group, OurMine, who used the hijack to promote its website and invite Netflix to get in touch. The social media team running the Netflix US Twitter account, which has 2.5 million followers, got off easily. Previous account …
John Leyden, 21 Dec 2016

Standards body warned SMS 2FA is insecure and nobody listened

The US National Institute of Standards and Technology's (NIST) advice that SMS is a poor way to deliver two factor authentication is having little impact, according to Duo Security. Last July NIST declared that sending one-time passwords to mobile phones was insecure. The organisation wrote in its advisory that the likelihood …
Darren Pauli, 6 Dec 2016


Biting the hand that feeds IT © 1998–2018