Android Police

Articles Tagged:

2fa

8

Samsung accounts switching to mandatory 2FA

Following the mysterious "1 1" notification Samsung sent out a couple weeks back, the company admitted to a "small" data breach that affected a handful of customers, claimed to be less than 150. It may have been a minor blip, but the company apparently isn't taking any chances. Based on an update to the Samsung Account app rolling out now via the Galaxy Store, Samsung is now making two-factor authentication mandatory for all new logins.

Read More
38

2FA apps like Google Authenticator reportedly vulnerable to malware snooping

Using app-generated one-time passcodes (OTPs) is perhaps the easiest and most cost-effective way to add a second authentication layer to all your online accounts and services. They eliminate almost any chances of an unauthorized person accessing your accounts even if they’ve got hold of your passwords. But it would be a scary situation if the passcodes within those apps were compromised, and that's just the threat Google Authenticator is facing right now thanks to some banking malware.

Read More
29

'Autofill code from Messages' feature spotted, makes entering SMS-based 2FA keys a snap

Last year, a new "verification code autofill" setting appeared as part of a Play Services update that promised to plug the SMS-based 2FA gap for apps that use Android's snazzy SMS Retriever API for verification codes. In short, it would be another way to autofill SMS 2FA codes that might be able to work with any app, regardless of developer support. And based on user reports, the feature may be rolling out.

Read More
6

Google releases open-source 2FA security key platform called OpenSK

Two-factor security is a basic requirement these days if you want to take your digital responsibilities seriously, but some hardware lacks the sort of public documentation that some privacy advocates feel is truly necessary to provide ideal security. Open source enthusiasts will be glad to hear that Google has just announced the release of OpenSK, an open-source implementation for security keys, supporting both FIDO U2F and FIDO2.

Read More
50

Your carrier will let basically any competent criminal hijack your phone number

One of the key pieces to our digital identities, whether we like it or not, is our mobile phone number. You likely use it one way or another in a two-factor authentication login (you shouldn't). Thing is, as it's been demonstrated quite a few times, they can be easily hijacked in a few easy steps by malicious actors ringing up carriers' customer service representatives — many of whom are all too understanding in helping users out of what's supposedly a stressful situation. So, just how easy is it to steal someone's phone number on a prepaid network? Researchers at Princeton University say extremely so in a recently published whitepaper draft.

Read More
18

Two-factor authentication should be mandatory for all of your accounts, and it's time for companies to step up

Today, Vice published a story detailing the abysmal security practices of Amazon's Ring brand of smart home security and surveillance products after a spate of compromised passwords (which have been inaccurately described as "hacked," even by The New York Times, who should know much better) led to terrifying privacy breaches for consumers across the US.

Compromised passwords are an extremely common source of account breaches, whether as part of account dumps on the dark web or through simple social engineering. Passwords are, for all of their virtues, very bad as security measures. In a world full of bad actors looking to compromise your personal privacy for the sake of spying on you or taking advantage of you financially, your password should be one of several lines of defense protecting you.

Read More
15

Google rolling out SMS verification code autofill to Android

Certain apps are able to automatically input SMS verification codes through Google's SMS Retriever API. If the app doesn't utilize the API, Android Messages is able to detect those codes and let users copy them right from the SMS notification. Now, it appears that Google is about to close the gap by having its own Autofill service pull SMS verification codes all by itself with the latest Google Play services update.

Read More