TechCrunch: Facebook is updating how you can authenticate your account logins

TechCrunch: Facebook is updating how you can authenticate your account logins . “You’ll soon have more options for staying secure on Facebook with two-factor authentication. Facebook is simplifying the process for two-factor verification on its platform so you won’t have to give the company your phone number just to bring additional security to your device. The company announced today that it is adding support for third-party authentication apps like Duo Security and Google Authenticator while streamlining the setup process to make it easier to get moving with it in the first place.”

YubiKey: Protect your Facebook, Google, and other online accounts with this hardware authentication key (ZDNet)

ZDNet: YubiKey: Protect your Facebook, Google, and other online accounts with this hardware authentication key. “Looking for a quick, easy, and affordable way to protect your Google account, Facebook, GitHub, Dropbox, Salesforce admin account (and much more)? Or maybe you’re looking for a way to harden your Mac or Windows login credentials. Take a look at the YubiKey.”

TechCrunch: Hacker Kevin Mitnick shows how to bypass 2FA

TechCrunch: Hacker Kevin Mitnick shows how to bypass 2FA . “A new exploit allows hackers to spoof two-factor authentication requests by sending a user to a fake login page and then stealing the username, password, and session cookie. KnowBe4 Chief Hacking Officer Kevin Mitnick showed the hack in a public video. By convincing a victim to visit a typo-squatting domain liked ‘LunkedIn.com’ and capturing the login, password, and authentication code, the hacker can pass the credentials to the actual site and capture the session cookie. Once this is done the hacker can login indefinitely. This essentially uses the one time 2FA code as a way to spoof a login and grab data.”

Naked Security: The Chrome extension that knows it’s you by the way you type

Naked Security: The Chrome extension that knows it’s you by the way you type. “Using multi-factor authentication (MFA) is more secure than relying on passwords alone – but could it be made even better? There is no shortage of ideas, one of which is keyboard dynamics (or biometrics), based on the long-understood observation that each person’s typing style is unique to them. Recently, a Romanian startup called TypingDNA has turned the concept into a free Chrome extension that can be used to add an extra layer of authentication to a wide range of websites by utilising this principle.”

MakeUseOf: How to Set Up Two-Factor Authentication on All Your Social Accounts

MakeUseOf: How to Set Up Two-Factor Authentication on All Your Social Accounts. “To add an extra layer of protection, you should consider using two-factor authentication. Two-factor authentication (also known as 2FA or two-step verification) is a security method that uses two different ways to verify your identity. Instead of only entering a password to log in, you’ll be asked to enter a code which is sent via text message to your phone or generated via an app. This verification helps make sure that only you can access your account. We’ve previously pointed out several internet services where you should enable 2FA. Today, let’s see which social media platforms support it and how you can enable them.”

Bloomberg: Google Will Retool User Security in Wake of Political Hack

Bloomberg: Google Will Retool User Security in Wake of Political Hack. “The Alphabet Inc. company next month will begin offering a service called the Advanced Protection Program that places a collection of features onto accounts such as email, including a new block on third-party applications from accessing data. The program would effectively replace the need to use two-factor authentication to protect accounts with a pair of physical security keys. The company plans to market the product to corporate executives, politicians and others with heightened security concerns, these people said.”

Naked Security: Google wants you to bid farewell to SMS authentication

Naked Security: Google wants you to bid farewell to SMS authentication. “Google’s campaign to nudge its vast user base towards more secure two-step (2SV) and two-factor (2FA) authentication continues: from this week anyone logging into its services using SMS codes will start receiving notifications from something called ‘Google prompt’.”