Your phone and its associated number are always with you, and only you, so it makes sense that a text message sent to you is a solid secondary method for authenticating a login. But savvy tech users know this method of verification is rife for exploitation: SIM jacking, SS7 attacks, and other hacking methods are now common. A recent investigation showed that it's possible to perform similar attacks with readily-available marketing tools, with the victim none the wiser.
If you're trying to take online safety seriously these days, there's no better way to keep your accounts protected than by turning to physical security keys. A few months ago, Twitter stepped up and added support for two-factor authentication keys on mobile devices, and now it's Facebook's turn to do the same. Beginning today, the company now allows users to register and use hardware security keys on Android and iOS.
Your online accounts are much safer when you rely on more than only a password, and that's where two-factor authentication (2FA) apps come in. You can use them to create an extra layer of security for your accounts, requiring you to enter a one-time password (OTP) in addition to your regular credentials when you log in. That prevents hackers from accessing your account with a stolen password only.
It's been a while since Google started dunking its apps in a bucket of dark-mode paint, and, as of today, most of them have received that treatment. With support for dark mode almost being the norm now, it's annoying to come across an odd app or some elements that don't follow it just yet. Google's 2FA prompt on Android is guilty of this, but it seems like redemption isn't far.
If you're at all serious about online security, you're sure to have at least a passing familiarity with two-factor authentication, or 2FA. Single-use codes sent in text messages or emails are probably the most common type of 2FA, but there are more secure methods. The YubiKey 5C NFC facilitates several of those methods in a small, affordable package: at 55 bucks, it's a pretty fantastic little gadget. Honestly, everybody should have one of these things.
There are plenty of forms of so-called two-factor authentication when it comes to security, and not all of them are equal. Among the higher tiers of security is an actual, physical hardware key that requires you to plug it in when signing into an account. Fans of the standard will be glad to hear that Twitter has just announced that hardware key-based two-factor authentication can now be used to log in on Android and iOS.
Twitch has supported two-factor authentication for a long time, but the company went out of its way to make it as inconvenient as possible. You were either limited to insecure SMS messages or had to use Authy and its proprietary 2FA API. Thankfully, Twitch has announced that it's launching support for any 2FA authentication apps, like any web service should. The streaming service even entices you with six exclusive emotes.
In our modern world where anyone could be a hacker (even a Florida teen), it's important to keep our data secure. Google has been pushing its 2-Step Verification program as a way to make sure it's really you logging into your account. Now, the company has announced that 2FA will be mandatory for new users of the Google Play Console soon and existing users with high-risk permissions late this year.
Google is making another push on two-step verification for G Suite users by making its phone prompts the default login authentication method, displacing less secure methods like SMS and voice codes. The new policy takes effect the same day those prompts will start appearing on every device a user is signed into.
One of the methods Google account holders can use as a two-step verification procedure is a Google prompt — a server-fed yes/no screen sent to a device that user is already signed in on to verify a login attempt on a new device. Right now, users can add or remove devices that can receive them. But an upcoming change may take away that ability and push those prompts to every device, every time they need to perform a device login.