Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"
Paul Ducklin takes a look...
Just like you need two keys to launch a nuclear missile (and we really, really hope that you weren't planning to do that anytime soon), you can now flip on the extra protection of needing-two-things to get at your Tumblr dashboard.
Where do you find Extreme Spammers? Can you find the exploit unicorn? And how did Target get breached?
Find out in 60 Sec Security for 08 Feb 2014...
Intrepid chronicler of the Target breach, Brian Krebs, has uncovered yet another cog in the criminal gearbox behind Target's data disaster.
Guess what? 2FA and network segregation would have made things a lot harder for the crooks...
Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target...
Here's an intriguing tale of an Android malware curveball spotted recently in SophosLabs.
You're expecting the pitch to come at you in a predictable direction, but a hidden twist in the action brings the onslaught from another angle altogether...
Yahoo has revealed that it's resetting passwords for a number of its email users after discovering a coordinated effort to gain access to accounts. We explain how Yahoo Mail users can better protect their accounts immediately.
What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.
A US man, Matthew A. Buchanan, has admitted that he and his accomplices jimmied open YouTube accounts via Google's password recovery process. They also hacked AOL email, right on up to the inbox of the AOL CEO himself.
Security researcher Ariel Sanchez recently published a fascinating report on the sort of security you can expect if you do your internet banking on an iPhone or iPad.
The answer, sadly, seems to be, "Very little."
Chet and Duck look at the security stories that made the headlines over New Year 2013/2014 - from the OpenSSL "hypervisor hack" that wasn't, to the Skype Twitter breach that shouldn't have happened - and explain how we can learn from these mistakes to have a safer and more secure 2014.
Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by a someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?
Turn bad news into good with "what you can do better" advice from Chet and Duck.
Learn from: an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.
GitHub, one of the world's biggest online repositories of software source code, is warning users to jolly well shape up when it comes to login security.
Of course, GitHub isn't saying it quite like that (it is being more polite)...but we are!
By popular demand, the Chet Chat has gone back to a weekly format, so your favourite security podcast will now be appearing twice as frequently!
Listen to Chet and Duck in the latest episode...
It's National Cyber Security Awareness Month so we're going back to basics and looking at two-factor authentication.
Why did Facebook get into double trouble this week over privacy?
Find out the answer to this and more in just 60 seconds of entertaining and informative video!
Google has once again found itself all over the IT news for a spot of bother with its security software.
A recent Google Authenticator update accidentally removed all your accounts...