two-factor

(get it in RSS or Atom)

Flaw in PayPal’s two-factor authentication, but keep calm and carry on!

Security researchers in the USA have just disclosed a flaw in PayPal's 2FA system.

Paul Ducklin looks at the mistakes that PayPal made, and what's been done to sort them out...

"Heartbleed" - would 2FA have helped?

2fa-250

Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"

Paul Ducklin takes a look...

The power of two - All you need to know about two-factor authentication

2FA

What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.

Sophos Techknow - Two-factor Authentication [PODCAST]

techknow-logo-170-of-250-at-0250x0250

To some of us, two-factor authentication (2FA) is a welcome aspect of online security; to others, token or SMS-based login codes are just extra online hassle we'd rather do without.

Duck and Chet help you evaluate the risks and rewards of 2FA in this enjoyable quarter-hour podcast.

SSCC 105 - HP printers, Google blocks ad blockers, Apple does the 2-step, and more...

sscc-105-250

Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?

Here's the latest Naked Security podcast, Sophos Security Chet Chat 105, discussing a range of recent and newsworthy topics from the world of computer security.

Apple introduces two-factor verification for Apple IDs

apple-id-icons-250

After celebrity Web 2.0 journalist Mat Honan had all his iDevices remote-wiped by a cybercrook last year, Apple's login security has been under scrutiny.

Good news! Apple has finally bitten the bullet and started offering two-factor verification for Apple ID users...

Google patches bug that allows attackers to slip past two-factor authentication

google-2-step_thumb

Attackers could - until Google issued a fix last Thursday, that is - bypass Google accounts' two-step login verification, reset a user's master password, and gain full profile control, just by capturing a user's application-specific password.

Facebook to exclude phone numbers from reverse lookup - for users of two-factor authentication, anyway

Facebook to exclude phone numbers from reverse search - for users of two-factor SMS authentication, anyway

Facebook's SMS-based login security was a Catch-22. You had to give Facebook your phone number to improve security. But that exposed your phone number to the vagaries of the Facebook search system.

That's now changed, but apparently only temporarily, while Facebook decides what happens next.

FLAMING RETORT - Three words for RSA. Promptness. Clarity. Openness.

FLAMING RETORT - Three words for RSA. Promptness. Clarity. Openness.

It's no good having mandatory data breach disclosure laws if all they teach us is to admit we had a breach. We also need to convey information of obvious practical value to all affected parties.

Three words. Promptness. Clarity. Openness.

Facebook announces new security features - but do they go far enough?

Facebook announces new security features - but do they go far enough?

Facebook has just published an article entitled Keeping You Safe from Scams and Spam. It's all about improving security on its network.

Paul Ducklin reports on the good, the bad and the missing.

Facebook's two-factor authentication announcement raises questions

text-message-thumb

Amid rising concern about its attitude to privacy and safety, Facebook has announced that it is introducing a two-factor authentication system in an attempt to prevent unauthorised account logins.