Most of us value our security, even if we might be a bit too lazy to make every single account as safe as it can/should be, and that's the problem. It's hard to get all your accounts set up with stuff like two-factor authentication/2FA between all the different methods and the fact that you can't even set it up for all your accounts from every platform. Google just eliminated at least one barrier with a change today, though, as the company is now allowing you to enroll security keys from Android using Chrome, as well as macOS devices running Safari. Read More
Following the mysterious "1 1" notification Samsung sent out a couple weeks back, the company admitted to a "small" data breach that affected a handful of customers, claimed to be less than 150. It may have been a minor blip, but the company apparently isn't taking any chances. Based on an update to the Samsung Account app rolling out now via the Galaxy Store, Samsung is now making two-factor authentication mandatory for all new logins. Read More
Using app-generated one-time passcodes (OTPs) is perhaps the easiest and most cost-effective way to add a second authentication layer to all your online accounts and services. They eliminate almost any chances of an unauthorized person accessing your accounts even if they’ve got hold of your passwords. But it would be a scary situation if the passcodes within those apps were compromised, and that's just the threat Google Authenticator is facing right now thanks to some banking malware. Read More
Two-factor security is a basic requirement these days if you want to take your digital responsibilities seriously, but some hardware lacks the sort of public documentation that some privacy advocates feel is truly necessary to provide ideal security. Open source enthusiasts will be glad to hear that Google has just announced the release of OpenSK, an open-source implementation for security keys, supporting both FIDO U2F and FIDO2. Read More
One of the key pieces to our digital identities, whether we like it or not, is our mobile phone number. You likely use it one way or another in a two-factor authentication login (you shouldn't). Thing is, as it's been demonstrated quite a few times, they can be easily hijacked in a few easy steps by malicious actors ringing up carriers' customer service representatives — many of whom are all too understanding in helping users out of what's supposedly a stressful situation. So, just how easy is it to steal someone's phone number on a prepaid network? Researchers at Princeton University say extremely so in a recently published whitepaper draft. Read More
Today, Vice published a story detailing the abysmal security practices of Amazon's Ring brand of smart home security and surveillance products after a spate of compromised passwords (which have been inaccurately described as "hacked," even by The New York Times, who should know much better) led to terrifying privacy breaches for consumers across the US.
Compromised passwords are an extremely common source of account breaches, whether as part of account dumps on the dark web or through simple social engineering. Passwords are, for all of their virtues, very bad as security measures. In a world full of bad actors looking to compromise your personal privacy for the sake of spying on you or taking advantage of you financially, your password should be one of several lines of defense protecting you. Read More
Certain apps are able to automatically input SMS verification codes through Google's SMS Retriever API. If the app doesn't utilize the API, Android Messages is able to detect those codes and let users copy them right from the SMS notification. Now, it appears that Google is about to close the gap by having its own Autofill service pull SMS verification codes all by itself with the latest Google Play services update. Read More