ZDNet: Android malware can steal Google Authenticator 2FA code

ZDNet: Android malware can steal Google Authenticator 2FA codes. “Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that’s used as a two-factor authentication (2FA) layer for many online accounts.”

The Verge: Google will provide political campaigns free access to Titan security keys for better 2FA

The Verge: Google will provide political campaigns free access to Titan security keys for better 2FA. “In an effort to help political campaigns tighten security, Google is partnering with nonprofit organization Defending Digital Campaigns to give qualifying political groups free access to Titan security keys. The physical keys, used as part of Google’s Advanced Protection security program, provide another level of two-factor authentication to protect Google accounts.”

Engadget: Google open-sources the tools needed to make 2FA security keys

Engadget: Google open-sources the tools needed to make 2FA security keys. “Security keys are designed to make logging in to devices simpler and more secure, but not everyone has access to them, or the inclination to use them. Until now. Today, Google has launched an open source project that will help hobbyists and hardware vendors build their own security keys, and contribute to the technology’s ongoing development.”

BetaNews: Now you can use your iPhone as a 2FA key for Google apps

BetaNews: Now you can use your iPhone as a 2FA key for Google apps. “Two-factor authentication is a handy means of securing accounts, and now iPhone users are able to use their handsets as a security key for their Google accounts. An update to the Google Smart Lock app brings the functionality to Apple fans, several months after the feature was made available to Android users.”

CNET: Facebook will stop using two-factor authentication phone numbers for friend suggestions

CNET: Facebook will stop using two-factor authentication phone numbers for friend suggestions. “Facebook will stop the practice of using phone numbers meant for two-factor authentication to suggest friends you may know. The move is part of the company’s efforts to clean up its privacy practices. Reuters reported the change on Thursday, which Facebook confirmed.”

PSA: Twitter finally ditches SMS for two-factor authentication (The Next Web)

The Next Web, with a big side of YAY!: PSA: Twitter finally ditches SMS for two-factor authentication. “Twitter has finally done the impossible: it’s allowing users to enroll for its two-factor authentication (2FA) program without requiring a phone number. What’s more, it’s also providing an option to disable SMS-based 2FA, which is known to be flawed and insecure.”

Popular Science: How to do two-factor authentication like a pro

Popular Science: How to do two-factor authentication like a pro . “…deciding to activate 2FA is like deciding you want to start running—do you just want to jog a bit, train for a 5k, or get yourself in shape for an entire marathon? There are a number of options, including apps and security keys, that provide different levels of protection for all your security and privacy needs. You can use a single method that works best for you, or employ several for one account, depending on the platform. The choice is yours.”