Motherboard: The White House’s Plan to Stop Government Employees From Getting Phished

Motherboard: The White House’s Plan to Stop Government Employees From Getting Phished. “The White House has an ambitious plan to greatly reduce the risk of phishing to the U.S. government. Part of that is having agencies phase out the use of SMS and app-based multi-factor authentication, and replace them with phishing-resistant methods such as hardware security keys.”

The Verge: Google is about to turn on two-factor authentication by default for millions of users

The Verge: Google is about to turn on two-factor authentication by default for millions of users. “In May, Google announced plans to enable two-factor authentication (or two-step verification as it’s referring to the setup) by default to enable more security for many accounts. Now it’s Cybersecurity Awareness Month, and Google is once again reminding us of that plan, saying in a blog post that it will enable two-factor for 150 million more accounts by the end of this year.”

Make Tech Easier: The Best Two-Factor Authentication (2FA) Apps That Sync With Multiple Devices

Make Tech Easier: The Best Two-Factor Authentication (2FA) Apps That Sync With Multiple Devices. “If you’re conscious about your online security, two-factor authentication (2FA) should be on your radar. For the unaware, it’s a better way to validate your identity when you log in to a website than just a single password. It will provide a one-time code that you’ll enter into a dedicated field which authenticates your other credentials. In this post, we look at some 2FA apps that sync across devices, to let you log in wherever you are.”

The Conversation: How hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security

The Conversation: How hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security. “Major vendors such as Microsoft have urged users to abandon 2FA solutions that leverage SMS and voice calls. This is because SMS is renowned for having infamously poor security, leaving it open to a host of different attacks.”

TechRadar: Google will soon make two-factor authentication mandatory

TechRadar: Google will soon make two-factor authentication mandatory. “One of the best ways to protect your online accounts is to have a second form of verification in place as this allows them to confirm that it is really you trying to log in. Google has been doing this for years by asking users to enroll in two-step verification (2SV) to confirm it’s really them by tapping on a prompt on their smartphone whenever they sign in. However, soon the company will begin automatically enrolling users in 2SV if their accounts are properly configured.”

CISA: Hackers bypassed MFA to access cloud service accounts (Bleeping Computer)

Bleeping Computer: CISA: Hackers bypassed MFA to access cloud service accounts. “While threat actors tried gaining access to some of their targets’ cloud assets via brute force attacks, they failed due to their inability to guess the correct credentials or because the attacked organization had MFA authentication enabled. However, in at least one incident, attackers were able to successfully sign into a user’s account even though the target had multi-factor authentication (MFA) enabled.”

Popular Science: How to make your Twitter account more secure in an age of hacks

Popular Science: How to make your Twitter account more secure in an age of hacks. “When someone is inside your account, they can send tweets, but they can also access your information. If they simply log in because they have your passwords, they can operate as if they’re you. As with most apps, two-factor authentication can help prevent this from happening since it puts an extra step between a hacker and your information.”

The Verge: Google will provide political campaigns free access to Titan security keys for better 2FA

The Verge: Google will provide political campaigns free access to Titan security keys for better 2FA. “In an effort to help political campaigns tighten security, Google is partnering with nonprofit organization Defending Digital Campaigns to give qualifying political groups free access to Titan security keys. The physical keys, used as part of Google’s Advanced Protection security program, provide another level of two-factor authentication to protect Google accounts.”

Engadget: Google open-sources the tools needed to make 2FA security keys

Engadget: Google open-sources the tools needed to make 2FA security keys. “Security keys are designed to make logging in to devices simpler and more secure, but not everyone has access to them, or the inclination to use them. Until now. Today, Google has launched an open source project that will help hobbyists and hardware vendors build their own security keys, and contribute to the technology’s ongoing development.”