ZDNet: Android malware can steal Google Authenticator 2FA code

ZDNet: Android malware can steal Google Authenticator 2FA codes. “Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that’s used as a two-factor authentication (2FA) layer for many online accounts.”

The Verge: Google will provide political campaigns free access to Titan security keys for better 2FA

The Verge: Google will provide political campaigns free access to Titan security keys for better 2FA. “In an effort to help political campaigns tighten security, Google is partnering with nonprofit organization Defending Digital Campaigns to give qualifying political groups free access to Titan security keys. The physical keys, used as part of Google’s Advanced Protection security program, provide another level of two-factor authentication to protect Google accounts.”

Google Blog: More protection for Nest accounts

Google Blog: More protection for Nest accounts. “We’re always exploring how to protect your privacy and security while also giving you control over the ease of access to your account and what you share. After all, devices like cameras and smoke alarms are essential in emergencies…. The best way to do this is by migrating to a Google account, which comes with lots of added benefits, including security protections like suspicious activity detection and Security Checkup. But for those who haven’t migrated yet, here are some new measures we’ve put in place to invest in keeping your Nest account secure.”

Engadget: Google open-sources the tools needed to make 2FA security keys

Engadget: Google open-sources the tools needed to make 2FA security keys. “Security keys are designed to make logging in to devices simpler and more secure, but not everyone has access to them, or the inclination to use them. Until now. Today, Google has launched an open source project that will help hobbyists and hardware vendors build their own security keys, and contribute to the technology’s ongoing development.”

BetaNews: Now you can use your iPhone as a 2FA key for Google apps

BetaNews: Now you can use your iPhone as a 2FA key for Google apps. “Two-factor authentication is a handy means of securing accounts, and now iPhone users are able to use their handsets as a security key for their Google accounts. An update to the Google Smart Lock app brings the functionality to Apple fans, several months after the feature was made available to Android users.”

Vox Recode: Simple changes to Amazon’s Ring could protect users from hacks

Vox Recode: Simple changes to Amazon’s Ring could protect users from hacks. “Ring’s defense misses the point and is a disservice to its customers. Yes, it’s important to know that the hack wasn’t a breach of Ring’s internal systems, but that is unlikely to prevent such hacks from continuing to happen. Rather than dismissing the incident and putting the blame on users, the company could roll out a simple change that privacy experts have long advocated for on just about any service or product that requires a login: mandatory two-factor authentication.”

CNET: Facebook will stop using two-factor authentication phone numbers for friend suggestions

CNET: Facebook will stop using two-factor authentication phone numbers for friend suggestions. “Facebook will stop the practice of using phone numbers meant for two-factor authentication to suggest friends you may know. The move is part of the company’s efforts to clean up its privacy practices. Reuters reported the change on Thursday, which Facebook confirmed.”