2FA

(get it in RSS or Atom)

Reminder: iCloud's going to demand app-specific passwords from third-party apps

icloud-app-2sv-250

Yes, your third-party calendar, mail and contacts apps that don't support Apple's new two-factor authentication system are going to turn 10 toes up on your iThings. You'll need app-specific passwords to get at the cloud data.

Apple adds two-step verification for iCloud, effective immediately

icloud-250

Apple has listened, and extended its two-step verification system to iCloud.

It's a great start...but does it go far enough?

Tim Cook says Apple *does* care about iCloud Security. But is that enough? [POLL]

2sv-cloud-250

Tim Cook told the WSJ that, yes Apple *does* care about iCloud security, and will take steps to make it more secure.

Really?

Nude celeb selfies doxing prompts 4chan to change policy

Nude celeb selfies doxing prompts 4chan to change policy

4chan says it's now going to comply with the Digital Millennium Copyright Act (DMCA), which allows content owners to get illegally shared material removed, after it served as the launchpad for the recent nude celebrity photo theft scandal.

Apple, please provide better protection for iCloud - Secure our Selfies!

iCloud

In the wake of exposed candid celebrity photos Apple recommends using two-step verification. Would this have made a difference? Should Apple strengthen its authentication options?

Is Apple slack at security on iOS? 60 Sec Security [VIDEO]

60ss-video-250

What went wrong with PayPal's 2FA? Why did Microsoft do an email U-turn? Is Apple slack at security on iOS?

It'll only take a minute to find out...

Flaw in PayPal’s two-factor authentication, but keep calm and carry on!

Security researchers in the USA have just disclosed a flaw in PayPal's 2FA system.

Paul Ducklin looks at the mistakes that PayPal made, and what's been done to sort them out...

"Heartbleed" - would 2FA have helped?

2fa-250

Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"

Paul Ducklin takes a look...

Tumblr beefs up security with two-factor authentication

Tumblr

Just like you need two keys to launch a nuclear missile (and we really, really hope that you weren't planning to do that anytime soon), you can now flip on the extra protection of needing-two-things to get at your Tumblr dashboard.

The Spampionship, the PWN2OWN unicorn, and how Target was breached - 60 Sec Security [VIDEO]

2014-02-08-unicorn-250

Where do you find Extreme Spammers? Can you find the exploit unicorn? And how did Target get breached?

Find out in 60 Sec Security for 08 Feb 2014...

Did the crooks who broke into Target tailgate the cleaners?

target-250

Intrepid chronicler of the Target breach, Brian Krebs, has uncovered yet another cog in the criminal gearbox behind Target's data disaster.

Guess what? 2FA and network segregation would have made things a lot harder for the crooks...

SSCC 133 - Prize unicorns, Android malware, 2FA, Attack reports and Vote For Us! [PODCAST]

sscc-133-thumb-250

Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target...

Android banking malware with a twist in the delivery

Here's an intriguing tale of an Android malware curveball spotted recently in SophosLabs.

You're expecting the pitch to come at you in a predictable direction, but a hidden twist in the action brings the onslaught from another angle altogether...

Yahoo prompts password reset after mass attack on email service

Yahoo

Yahoo has revealed that it's resetting passwords for a number of its email users after discovering a coordinated effort to gain access to accounts. We explain how Yahoo Mail users can better protect their accounts immediately.

The power of two - All you need to know about two-factor authentication

2FA

What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.

Just how secure is that mobile banking app?

https-tablet-250

Security researcher Ariel Sanchez recently published a fascinating report on the sort of security you can expect if you do your internet banking on an iPhone or iPad.

The answer, sadly, seems to be, "Very little."

SSCC 129 - Hypervisors, apologies, backdoors and Twitter hacks [PODCAST]

sscc-129-thumb-250

Chet and Duck look at the security stories that made the headlines over New Year 2013/2014 - from the OpenSSL "hypervisor hack" that wasn't, to the Skype Twitter breach that shouldn't have happened - and explain how we can learn from these mistakes to have a safer and more secure 2014.

Skype's Twitter account compromised by Syrian Electronic Army

Microsoft's reading Skype messages

Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by a someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?

SSCC 126 - Zero-day, Bitcoins, passwords and randomness [PODCAST]

Turn bad news into good with "what you can do better" advice from Chet and Duck.

Learn from: an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.