Google is adding security features for people who use Google accounts on Apple devices to give you more options for physical security keys.
The FIDO Alliance is an industry group to develop authentication standards as an alternative to passwords. Apple recently joined the group.
Apple’s WebKit team has a proposal to standardize and secure SMS two-factor authentication codes with URLs.
Google updated its Smart Lock app on iOS to let iPhones be used for two-factor authentication. But it will only work inside Chrome. Now your only choices for Google two-factor authentication are this Smart Lock app, or a phone number (an insecure method). You can also use a physical security key but not an app like Authy.
After installing the update, users are asked to select a Google account to set up their phone’s built-in security key. According to a Google cryptographer, the feature makes use of Apple’s Secure Enclave hardware, which securely stores Touch ID, Face ID, and other cryptographic data on iOS devices.
Update. So I made a mistake and you can use an app like Authy, but you first have to surrender your phone number to Google. Which I’m obviously loathe to do so I use a disposable number.
Bryan Chaffin and Andrew Orr join host Kelly Guimont to discuss apps you should remove from your devices, and making 2020 more secure.
While Yubico has a security key that plugs into your iPhone via Lightning, the app also supports NFC YubiKeys now.
Instead of storing the time-based one-time passcodes on a mobile phone or computer, Yubico Authenticator generates and stores one-time codes on the YubiKey. A user must present their physical key in order to receive the code for login. This not only eliminates security vulnerabilities associated with a multi-purpose computing device, but also offers an added layer of convenience for users that work between various machines.
Twitter announced that users can finally use other two-factor authentication methods besides SMS, which is an insecure authentication method.
Twitter admitted yesterday that it “unintentionally” used some email addresses and phone numbers for advertising purposes. These phone numbers were specifically used to keep your account safe with two-factor authentication.
We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system.
This is exactly why SMS-based two-factor authentication needs to go away. SMS is inherently insecure, as the FBI recently noted. Funnily enough, I recently removed my phone number from Twitter, although it’s probably too late.
Launched last week, the Yubico 5Ci is the first security key with a Lightning connector. The company sent Andrew one for review.
Today Yubico launches the YubiKey 5Ci, an authentication device made for iPhones. This gives Apple users true two-factor authentication.
Glenn Fleishman has a good tip on how to use Apple’s two-factor authentication on older devices that don’t support it.
But 2FA and outdated versions of Apple TV, iOS, and macOS don’t mix. You try to log in on those devices with your Apple ID and popups with codes may appear on other devices, but there’s no way to enter it on the piece of equipment from which you’re trying to log in. Fortunately, there’s a simple workaround.
I always forget about the manual method.
Yubico is recalling its line of YubiKeys, tools used for two-factor authentication that generate one-time passcodes.
Apple is requiring developers to secure their Apple ID with two-factor authentication.
In the experimental version of Safari Technology Preview, the browser adds support for USB security keys.
Apple has apologized over a string of Chinese Apple ID hacks. Certain Apple customers were victims of a phishing attack.
In light of the recent breaches and hacks at Facebook, it’s a good idea to enable two-factor authentication on Facebook for security.
You can now get Instagram verification inside the app and a new form of two-factor authentication. The social network is rolling out changes to its app.
Instagram accounts are getting hacked in big numbers right now so you should enable two-factor authentication on your account. Read on to learn how.