The Verge: Google will provide political campaigns free access to Titan security keys for better 2FA

The Verge: Google will provide political campaigns free access to Titan security keys for better 2FA. “In an effort to help political campaigns tighten security, Google is partnering with nonprofit organization Defending Digital Campaigns to give qualifying political groups free access to Titan security keys. The physical keys, used as part of Google’s Advanced Protection security program, provide another level of two-factor authentication to protect Google accounts.”

Google Blog: More protection for Nest accounts

Google Blog: More protection for Nest accounts. “We’re always exploring how to protect your privacy and security while also giving you control over the ease of access to your account and what you share. After all, devices like cameras and smoke alarms are essential in emergencies…. The best way to do this is by migrating to a Google account, which comes with lots of added benefits, including security protections like suspicious activity detection and Security Checkup. But for those who haven’t migrated yet, here are some new measures we’ve put in place to invest in keeping your Nest account secure.”

Engadget: Google open-sources the tools needed to make 2FA security keys

Engadget: Google open-sources the tools needed to make 2FA security keys. “Security keys are designed to make logging in to devices simpler and more secure, but not everyone has access to them, or the inclination to use them. Until now. Today, Google has launched an open source project that will help hobbyists and hardware vendors build their own security keys, and contribute to the technology’s ongoing development.”

BetaNews: Now you can use your iPhone as a 2FA key for Google apps

BetaNews: Now you can use your iPhone as a 2FA key for Google apps. “Two-factor authentication is a handy means of securing accounts, and now iPhone users are able to use their handsets as a security key for their Google accounts. An update to the Google Smart Lock app brings the functionality to Apple fans, several months after the feature was made available to Android users.”

Vox Recode: Simple changes to Amazon’s Ring could protect users from hacks

Vox Recode: Simple changes to Amazon’s Ring could protect users from hacks. “Ring’s defense misses the point and is a disservice to its customers. Yes, it’s important to know that the hack wasn’t a breach of Ring’s internal systems, but that is unlikely to prevent such hacks from continuing to happen. Rather than dismissing the incident and putting the blame on users, the company could roll out a simple change that privacy experts have long advocated for on just about any service or product that requires a login: mandatory two-factor authentication.”

CNET: Facebook will stop using two-factor authentication phone numbers for friend suggestions

CNET: Facebook will stop using two-factor authentication phone numbers for friend suggestions. “Facebook will stop the practice of using phone numbers meant for two-factor authentication to suggest friends you may know. The move is part of the company’s efforts to clean up its privacy practices. Reuters reported the change on Thursday, which Facebook confirmed.”

PSA: Twitter finally ditches SMS for two-factor authentication (The Next Web)

The Next Web, with a big side of YAY!: PSA: Twitter finally ditches SMS for two-factor authentication. “Twitter has finally done the impossible: it’s allowing users to enroll for its two-factor authentication (2FA) program without requiring a phone number. What’s more, it’s also providing an option to disable SMS-based 2FA, which is known to be flawed and insecure.”

BetaNews: Google launches USB-C Titan security key

BetaNews: Google launches USB-C Titan security key. “Does your laptop have USB-A ports? Gross! Don’t you know no one uses them anymore? Everyone uses USB-C now. I am, of course, being facetious — USB-C, while great, still has a long way to go before dethroning the ubiquitous Type A. With that said, there are computers that are USB-C only, such as Apple’s MacBook Pro. Owners of those computers have to get dongles to use their USB-A devices. Tomorrow, however, Google is making it possible to ditch the dongle when using a Titan security key.”

Popular Science: How to do two-factor authentication like a pro

Popular Science: How to do two-factor authentication like a pro . “…deciding to activate 2FA is like deciding you want to start running—do you just want to jog a bit, train for a 5k, or get yourself in shape for an entire marathon? There are a number of options, including apps and security keys, that provide different levels of protection for all your security and privacy needs. You can use a single method that works best for you, or employ several for one account, depending on the platform. The choice is yours.”

How-To Geek: How to Move Google Authenticator to a New Phone (or Multiple Phones)

How-To Geek: How to Move Google Authenticator to a New Phone (or Multiple Phones). “Thankfully, it’s not difficult to move Google Authenticator codes from one phone to another, although, admittedly, it can be somewhat cumbersome and time-consuming. Google intended this, more or less, by design. It shouldn’t be too easy to retrieve authentication codes from anywhere except the device you’re using for your two-factor authentication, or the whole value of 2FA would be moot.”

Engadget: How a trivial cell phone hack is ruining lives

Engadget: How a trivial cell phone hack is ruining lives. “It would be really great if there was a security trick or technique I could offer or recommend for people to do to prevent their SIMs from being ported (swapped, stolen). Like ‘here’s this extra, annoying security step you can add to your SIM account.’ The truth is, cell carrier companies haven’t done much, if anything, to increase SIM security.” Get a YubiKey!

Yubico YubiKey lets you be me: Security blunder sparks recall of govt-friendly auth tokens (The Register)

The Register: Yubico YubiKey lets you be me: Security blunder sparks recall of govt-friendly auth tokens. “The vendor said the firmware in the FIPS Series of YubiKey widgets, aimed mainly at US government use, were prone to a reduced-randomness condition that could make their cryptographic operations easier to crack in some cases, particularly when the USB-based token is first powered up.”

Search Engine Journal: Facebook’s Faulty SMS Two-Factor Authentication is Locking Out An Alarming Number of Users

Search Engine Journal: Facebook’s Faulty SMS Two-Factor Authentication is Locking Out An Alarming Number of Users. “An issue with Facebook’s SMS two-factor authentication is keeping a significant number of users locked out of their accounts. The problem is users are not receiving text messages from Facebook which they need to verify ownership of their accounts.”