TechRadar: Google will soon make two-factor authentication mandatory

TechRadar: Google will soon make two-factor authentication mandatory. “One of the best ways to protect your online accounts is to have a second form of verification in place as this allows them to confirm that it is really you trying to log in. Google has been doing this for years by asking users to enroll in two-step verification (2SV) to confirm it’s really them by tapping on a prompt on their smartphone whenever they sign in. However, soon the company will begin automatically enrolling users in 2SV if their accounts are properly configured.”

CISA: Hackers bypassed MFA to access cloud service accounts (Bleeping Computer)

Bleeping Computer: CISA: Hackers bypassed MFA to access cloud service accounts. “While threat actors tried gaining access to some of their targets’ cloud assets via brute force attacks, they failed due to their inability to guess the correct credentials or because the attacked organization had MFA authentication enabled. However, in at least one incident, attackers were able to successfully sign into a user’s account even though the target had multi-factor authentication (MFA) enabled.”

Popular Science: How to make your Twitter account more secure in an age of hacks

Popular Science: How to make your Twitter account more secure in an age of hacks. “When someone is inside your account, they can send tweets, but they can also access your information. If they simply log in because they have your passwords, they can operate as if they’re you. As with most apps, two-factor authentication can help prevent this from happening since it puts an extra step between a hacker and your information.”

The Verge: Google will provide political campaigns free access to Titan security keys for better 2FA

The Verge: Google will provide political campaigns free access to Titan security keys for better 2FA. “In an effort to help political campaigns tighten security, Google is partnering with nonprofit organization Defending Digital Campaigns to give qualifying political groups free access to Titan security keys. The physical keys, used as part of Google’s Advanced Protection security program, provide another level of two-factor authentication to protect Google accounts.”

Engadget: Google open-sources the tools needed to make 2FA security keys

Engadget: Google open-sources the tools needed to make 2FA security keys. “Security keys are designed to make logging in to devices simpler and more secure, but not everyone has access to them, or the inclination to use them. Until now. Today, Google has launched an open source project that will help hobbyists and hardware vendors build their own security keys, and contribute to the technology’s ongoing development.”

CNET: Facebook will stop using two-factor authentication phone numbers for friend suggestions

CNET: Facebook will stop using two-factor authentication phone numbers for friend suggestions. “Facebook will stop the practice of using phone numbers meant for two-factor authentication to suggest friends you may know. The move is part of the company’s efforts to clean up its privacy practices. Reuters reported the change on Thursday, which Facebook confirmed.”

Popular Science: How to do two-factor authentication like a pro

Popular Science: How to do two-factor authentication like a pro . “…deciding to activate 2FA is like deciding you want to start running—do you just want to jog a bit, train for a 5k, or get yourself in shape for an entire marathon? There are a number of options, including apps and security keys, that provide different levels of protection for all your security and privacy needs. You can use a single method that works best for you, or employ several for one account, depending on the platform. The choice is yours.”

How-To Geek: How to Move Google Authenticator to a New Phone (or Multiple Phones)

How-To Geek: How to Move Google Authenticator to a New Phone (or Multiple Phones). “Thankfully, it’s not difficult to move Google Authenticator codes from one phone to another, although, admittedly, it can be somewhat cumbersome and time-consuming. Google intended this, more or less, by design. It shouldn’t be too easy to retrieve authentication codes from anywhere except the device you’re using for your two-factor authentication, or the whole value of 2FA would be moot.”