Troy Hunt: Beyond Passwords: 2FA, U2F and Google Advanced Protection


For example, if you physically have someone's mobile phone in your hand and it's unlocked, you could login to an account by initiating a password reset, receiving the email in their email client then entering the "2nd factor" token sent via SMS or generated by a soft token app on the device.

Private by Design: How we built Firefox Sync


Where does it go?” With the Firefox Sync design, you enter a passphrase of your choosing and it is used to derive an encryption key that never leaves your computer.
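The "stretch, then split" pattern behind that sentence, as an added illustration that is not Mozilla's code and does not use its real salt labels, iteration count or cipher: the passphrase is stretched once with PBKDF2, then HKDF derives two independent secrets from it. Only one of them (hashed) is ever sent to the server; the other encrypts the data locally, so the server stores ciphertext it cannot open. The encrypt-then-MAC construction here is a demo built from HMAC only; real code should use an AEAD such as AES-GCM or ChaCha20-Poly1305.

```python
import hashlib
import hmac
import os

# Assumed parameters for this demo, not those of any real sync protocol.
ITERATIONS = 100_000
STRETCH_SALT_PREFIX = "example.org/stretch:"
AUTH_INFO = b"example.org/authsecret"
KEY_INFO = b"example.org/localkey"


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """RFC 5869 HKDF with SHA-256 (extract, then expand). Max 255*32 bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(passphrase: str, email: str) -> dict:
    """Stretch the passphrase once, then derive two unrelated secrets from it."""
    salt = (STRETCH_SALT_PREFIX + email).encode()
    stretched = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, 32)
    return {
        "auth_secret": hkdf_sha256(stretched, AUTH_INFO),  # proves identity to the server
        "local_key": hkdf_sha256(stretched, KEY_INFO),     # never leaves the client
    }


def encrypt_record(local_key: bytes, plaintext: bytes, nonce: bytes = None) -> dict:
    """Encrypt-then-MAC using an HMAC-derived keystream (demo construction only)."""
    nonce = os.urandom(16) if nonce is None else nonce
    enc_key = hkdf_sha256(local_key, b"enc")
    mac_key = hkdf_sha256(local_key, b"mac")
    stream = hkdf_sha256(enc_key, b"stream" + nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def decrypt_record(local_key: bytes, record: dict) -> bytes:
    """Check the tag in constant time before touching the ciphertext."""
    enc_key = hkdf_sha256(local_key, b"enc")
    mac_key = hkdf_sha256(local_key, b"mac")
    expected = hmac.new(mac_key, record["nonce"] + record["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("record tampered with or wrong key")
    stream = hkdf_sha256(enc_key, b"stream" + record["nonce"], len(record["ciphertext"]))
    return bytes(c ^ s for c, s in zip(record["ciphertext"], stream))


def server_upload(passphrase: str, email: str, plaintext: bytes) -> dict:
    """Everything the server receives for one upload: no passphrase, no local_key."""
    keys = derive_keys(passphrase, email)
    record = encrypt_record(keys["local_key"], plaintext)
    return {
        "email": email,
        # the server stores a hash of the auth secret, so a server breach yields neither secret
        "auth_hash": hashlib.sha256(keys["auth_secret"]).hexdigest(),
        "record": record,
    }


if __name__ == "__main__":
    upload = server_upload("correct horse battery staple", "alice@example.org", b"bookmark: https://example.org")
    print({k: (v.hex() if isinstance(v, bytes) else v) for k, v in upload["record"].items()})
```

Because the two HKDF outputs use different `info` labels, knowing `auth_secret` (or its hash) gives the server no way back to `local_key`; forgetting the passphrase therefore also means the data is gone, which is the trade-off the article describes.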

In a court filing, Edward Snowden says a report critical to an NSA lawsuit is authentic


Snowden’s signed declaration, filed on October 31, confirms that one of the documents he leaked, which the EFF relied heavily on for its case, is an authentic draft document written by the then-NSA inspector general in 2009, which exposed concerns about the legality of Bush’s warrantless surveillance program — Stellar Wind — particularly the collection of bulk email records on Americans.

How to encrypt your entire life in less than an hour


Hackers were then able to use his email and password to gain access to his Twitter and Pinterest accounts.
Tip #5: Send private text messages with Signal
If you want reasonably private browsing (no system can ever be 100% secure), you should use Tor.

Experian Flaw Just Revealed PINs Protecting Credit Data


Experian’s site exposed the personal identification numbers — the PINs needed to thaw credit freezes — after users answered their security questions with a blanket answer: None of the above.

Securing your users' authentication


This way, if a user’s account is compromised and the attacker locks the user out, the user can still use the printed page to reset their account, change their password and add two-factor auth to make the account more secure.
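One way to issue and redeem that printed page of recovery codes, as an added example that is not the article's code. The code format, count and pepper are assumptions. The server keeps only keyed hashes of the codes, each code works exactly once, and lookup compares every stored hash in constant time.

```python
import hashlib
import hmac
import secrets

# Assumed format: 10 codes of two 5-character groups from a 31-symbol alphabet
# (roughly 49 bits each, so a fast keyed hash is enough, unlike a user password).
CODE_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # no 0/o/1/l/i lookalikes
CODE_GROUPS, GROUP_LEN, CODE_COUNT = 2, 5, 10


def normalize(code: str) -> str:
    """Accept what a user types from paper: case and separators don't matter."""
    return code.replace("-", "").replace(" ", "").strip().lower()


def hash_code(code: str, pepper: bytes) -> str:
    """Keyed hash so a database dump alone doesn't yield usable codes."""
    return hmac.new(pepper, normalize(code).encode(), hashlib.sha256).hexdigest()


def issue_recovery_codes(pepper: bytes, count: int = CODE_COUNT):
    """Return (codes to print for the user, set of hashes to store server-side)."""
    codes = []
    for _ in range(count):
        groups = ["".join(secrets.choice(CODE_ALPHABET) for _ in range(GROUP_LEN))
                  for _ in range(CODE_GROUPS)]
        codes.append("-".join(groups))
    stored = {hash_code(c, pepper) for c in codes}
    return codes, stored


def redeem(stored: set, submitted: str, pepper: bytes) -> bool:
    """Consume one code. Always scans the whole set so timing reveals nothing."""
    candidate = hash_code(submitted, pepper)
    matched = None
    for h in stored:
        if hmac.compare_digest(h, candidate):
            matched = h  # keep scanning; don't return early
    if matched is None:
        return False
    stored.discard(matched)  # single use: the same code can't unlock twice
    return True


if __name__ == "__main__":
    pepper = secrets.token_bytes(32)  # in production: a secret kept outside the database
    codes, stored = issue_recovery_codes(pepper)
    print("print and keep safe:", *codes, sep="\n  ")
    print("first code accepted:", redeem(stored, codes[0], pepper))
    print("same code again:", redeem(stored, codes[0], pepper))
```

After a successful redeem the application should log the event, regenerate the remaining codes when the user asks, and rate-limit attempts per account, since 49 bits is plenty against offline guessing but not against an unthrottled online endpoint.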

Four Puzzling Issues Of Identity Authentication In The Digital Era


Password-less Authentication
Use of PIN to eliminate passwords
Biometrics in two/multi-factor authentication for better security
Advantage of physical tokens as against onetime codes by SMS

Facebook Confirms Giving Advertisers Access to User Phone Numbers


“We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts.” In a Gizmodo report published Wednesday, two studies found that the social network was giving advertisers access to data sources that users did not explicitly permit could be used.

You Gave Facebook Your Number For Security. They Used It For Ads.


They found that Facebook harvests user phone numbers for targeted advertising in two disturbing ways: two-factor authentication (2FA) phone numbers, and “shadow” contact information. However, until just four months ago, Facebook required users to enter a phone number to turn on any type of 2FA, even though it offers its authenticator as a more secure alternative.

Internet Privacy You Control


Internet Privacy, Acceleration, and Authentication YOU Control and get paid for it. "I do not want to live in a world where everything that I say, everything I do, everyone I talk to, every expression of creativity or love or friendship is recorded." ~ Edward Snowden

Introducing the Librem Key – Purism


In addition to multi-factor authentication, security tokens can also often store your private GPG keys in a tamper-proof way so you can protect them from attackers who may compromise your laptop.

James Stanley


Ricochet is instant messaging software that communicates over Tor, authenticates peers by their Tor onion address, and communicates directly peer-to-peer (via Tor hidden services) without any centralised servers involved.

Introducing the Qubes U2F Proxy


This means that if anything in your twitter qube were compromised — the browser or even the OS itself — it would still not be able to access the U2F keys on your token for any other websites or services, like your email and bank accounts.

Wi-Fi Gets More Secure: Everything You Need to Know About WPA3


The Enhanced Open and Easy Connect protocols are not dependent on WPA3, but they do improve security for specific types of networks and certain situations.

Schneier on Security

In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 Android phone can be reduced by up to 70% using this novel acoustic side-channel.

So Hey You Should Stop Using Texts for Two-Factor Authentication


And for services like Twitter that only offer second factor protections that depend on SMS, it's time to wake up, smell the targeted attacks, and give users better options. Unfortunately, some services like Twitter still only offer two-factor authentication that depends on the security of SMS.

Google 'Titan Security Key' Is Now On Sale For $50


What Is Google Titan Security Key?
How Does Titan Security Key Secure Online Accounts?
How to Use Google Titan Security Keys?

Phone Numbers Were Never Meant as ID. Now We’re All At Risk


Thomas Hardjono, a secure identities researcher at MIT's Trust and Data Consortium, points to credit card numbers, identifiers authenticated with a chip plus a PIN or a signature. You can get a new credit card as needed; changing your phone number can be incredibly inconvenient.

How to improve your security with better passwords


In addition, humans are notoriously bad at remembering random strings of letters and numbers, so we either write it down (which is a very bad idea for a password) or we make it easy to remember. A more secure password would be at least 20 characters long (95^20) and would equate to 10.24 decillion possible different passwords.

Password breach teaches Reddit that, yes, phone-based 2FA is that bad


A newly disclosed breach that stole password data and private messages is teaching Reddit officials a lesson that security professionals have known for years: two-factor authentication (2FA) that uses SMS or phone calls is only slightly better than no 2FA at all.