Android Police

Articles Tagged:

2fa

...

Google is testing revised two-step verification prompts on mobile

Two-factor authentication is something that everyone should have on their Google accounts, but the traditional SMS and Google Authenticator methods can be a bit tedious. Back in 2016, Google added a new two-step verification approval prompt for Android devices that is painless to both set up and use. The prompt has gone through several design revisions since its initial release, and Google is currently experimenting with two new layouts.

Read More
...

UK bank falls victim to SS7 attacks, allowing cybercriminals to drain accounts and reminding us why SMS two-factor authentication sucks

By now everyone should know that two-factor authentication via SMS is outdated and insecure. But in case anyone needs a reminder, here it is: Metro Bank in the UK was recently the victim of something called SS7 attacks, which basically allow anyone with access to reroute text messages and calls as they please, as well as track the location of a compromised phone. This is far from the first time this has happened, and it seems European banks are more at risk than US banks.

Read More
...

Instagram two-factor authentication app support is now live

Securing your account logins with two-factor authentication (2FA) is a very healthy online habit to get into, but it can be annoying when services decide to only send the codes via SMS. An authentication app isn't only more convenient, it's also safer because regular messages could still be intercepted or forwarded. For a while now, Instagram was one of very few accounts I use that only supported 2FA via SMS, but proper authentication app support was promised recently, and now it appears to be rolling out.

Read More
...

Yubico launches new YubiKey 5 Series 2FA keys, supports passwordless FIDO2 and NFC

Yubico, one of the more well-known names in two-factor hardware security keys, has just revealed its new YubiKey 5 Series: four new keys that all support FIDO2, and a big USB-A model that does NFC. The new keys look almost exactly like their counterparts in the old YubiKey 4 Series, with the same durable designs for both USB-A and USB-C keys.

Read More
...

Google Titan Security Key review: A $50 hardware 2FA bundle with outdated connectors

Those of us that care about our online security probably use some form of two-factor authentication to secure our most important accounts, but even the strongest password and the longest authentication code are still subject to something as simple as a phishing attack, which is why so many have switched to hardware security keys. Google helped to create the Universal 2nd Factor (U2F) hardware authentication standard, and now it's releasing its own product to consumers: the $50 Titan Security Key.

Read More
...

Instagram is finally rolling out support for two-factor authentication apps

With a billion monthly active users and immense cultural influence, it's surprising that Instagram is only now rolling out a fairly standard modern security feature: support for two-factor authentication apps. Still, following the better-late-than-never mentality, the the roughly eight-year-old social platform announced the feature is now rolling out, giving its users a better way to secure their logins. Along with this much-anticipated change come new public info pages about large Instagram accounts, and an easily accessible verification request form.

Read More
...

Google’s 89,000+ employees have had zero phishing incidents since switching to hardware security keys in 2017

Phishing attacks are deceptively successful against less experienced users, but even those that consider themselves reasonably technical can occasionally fall prey to the simple approach. According to a recent report by Krebs on Security, Google and its employees aren't among the 76% of businesses that have been victims of phishing attacks in the last year. In fact, not one of the company's employees work accounts has been successfully phished since 2017, thanks to hardware 2FA security keys.

Read More
...

Android Messages 3.2 adds 2FA code copy shortcuts [APK Download]

Two-factor authentication is a great way to make your accounts more secure, but using SMS messages for the codes is a bit of a hassle: request code, switch apps, copy code, switch apps, paste code (or read and remember the code, but what is this, the 1840s?). Android Messages has a new trick that makes the process a little easier: it now parses 2FA codes from texts and presents the option to copy them with a single tap.

Read More
...

G Suite admins can now adjust web session durations, force 2FA prompts for every login

By default, G Suite web sessions are automatically signed out of after two weeks. But to better tailor to each company, Google is now allowing G Suite admins to specify a more precise session length from a dropdown list. Additionally, admins can also now force two-factor authentication prompts to pop up on every sign-in for better security.

Read More
...

AT&T, Sprint, Verizon, and T-Mobile reveal details about 'next-generation' two-factor authentication

It has been proven time and time again that using SMS for two-factor authentication isn't very secure. While it's certainly better than having no 2FA at all, working around it only takes someone fooling a carrier into sending them a SIM card meant for you. Likely due to so many of these accidents occurring, all major US carriers began working to improve mobile 2FA last year.

Read More