Your phone and its associated number are always with you, and only you, so it makes sense that a text message sent to you is a solid secondary method for authenticating a login. But savvy tech users know this method of verification is rife for exploitation: SIM jacking, SS7 attacks, and other hacking methods are now common. A recent investigation showed that it's possible to perform similar attacks with readily-available marketing tools, with the victim none the wiser.
If you're trying to take online safety seriously these days, there's no better way to keep your accounts protected than by turning to physical security keys. A few months ago, Twitter stepped up and added support for two-factor authentication keys on mobile devices, and now it's Facebook's turn to do the same. Beginning today, the company now allows users to register and use hardware security keys on Android and iOS.
Your online accounts are much safer when you rely on more than only a password, and that's where two-factor authentication (2FA) apps come in. You can use them to create an extra layer of security for your accounts, requiring you to enter a one-time password (OTP) in addition to your regular credentials when you log in. That prevents hackers from accessing your account with a stolen password only.
There are plenty of forms of so-called two-factor authentication when it comes to security, and not all of them are equal. Among the higher tiers of security is an actual, physical hardware key that requires you to plug it in when signing into an account. Fans of the standard will be glad to hear that Twitter has just announced that hardware key-based two-factor authentication can now be used to log in on Android and iOS.
Twitch has supported two-factor authentication for a long time, but the company went out of its way to make it as inconvenient as possible. You were either limited to insecure SMS messages or had to use Authy and its proprietary 2FA API. Thankfully, Twitch has announced that it's launching support for any 2FA authentication apps, like any web service should. The streaming service even entices you with six exclusive emotes.
Google is making another push on two-step verification for G Suite users by making its phone prompts the default login authentication method, displacing less secure methods like SMS and voice codes. The new policy takes effect the same day those prompts will start appearing on every device a user is signed into.
Keeping all your accounts secure is incredibly important, which is why we're running a series about how two-factor authentication can improve security, and how to enable 2FA on all your commonly-used accounts. An issue with legacy logins recently lead to hackers gaining access to 160,000 Nintendo Accounts, so it seems a good a time as any to explain how to set up two-factor authentication on Nintendo's online services.
Google started beefing up Nest account security last year after a string of embarrassing but entirely preventable hacks. Part of that effort was mandatory two-factor authentication (2FA) for logins starting in spring 2020, and the time has come. Google says all Nest users will begin seeing 2FA prompts this month.
This story was originally published and last updated .
Your online accounts (or at least, some of them) probably have troves of personal data in them, which is why hackers are constantly looking for ways to break into them. Passwords are usually their way in, as many people re-use passwords or choose common phrases. Even sharing the same password across two or more services can lead to trouble, as publicly-accessible password dumps become more common. Two-factor authentication, or 2FA for short, adds a second step to the login process that usually involves a temporary code or physical key — which makes it much harder for hackers to gain access to your accounts.
Adding two-factor authentication to your online accounts is a great way to stay secure, as it means an attacker will need more than just your password if they want to gain access to your data. Your Google account likely has a treasure trove of data, especially if you use Gmail, so it's probably one of the services you need to protect the most.