Google’s iPhone Security App Keeps You in its Ecosystem

· Andrew Orr · Link

Google updated its Smart Lock app on iOS to let iPhones be used for two-factor authentication. But it will only work inside Chrome. Now your only choices for Google two-factor authentication are this Smart Lock app, or a phone number (an insecure method). You can also use a physical security key but not an app like Authy.

After installing the update, users are asked to select a Google account to set up their phone’s built-in security key. According to a Google cryptographer, the feature makes use of Apple’s Secure Enclave hardware, which securely stores ‌Touch ID‌, Face ID, and other cryptographic data on iOS devices.

Update. So I made a mistake and you can use an app like Authy, but you first have to surrender your phone number to Google. Which I’m obviously loathe to do so I use a disposable number.

Yubico Authenticator iOS App Now Supports NFC

· Andrew Orr · Link

While Yubico has a security key that plugs into your iPhone via Lightning, the app also supports NFC YubiKeys now.

Instead of storing the time-based one-time passcodes on a mobile phone or computer, Yubico Authenticator generates and stores one-time codes on the YubiKey. A user must present their physical key in order to receive the code for login. This not only eliminates security vulnerabilities associated with a multi-purpose computing device, but also offers an added layer of convenience for users that work between various machines.

Oops! Twitter Accidentally Used Your Phone Number for Ads

· Andrew Orr · Link

Twitter logo

Twitter admitted yesterday that it “unintentionally” used some email addresses and phone numbers for advertising purposes. These phone numbers were specifically used to keep your account safe with two-factor authentication.

We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system.

This is exactly why SMS-based two-factor authentication needs to go away. SMS is inherently insecure, as the FBI recently noted. Funnily enough, I recently removed my phone number from Twitter, although it’s probably too late.

YubiKey 5Ci Security Key Launches for iPhones

· Andrew Orr · News

Today Yubico launches the YubiKey 5Ci, an authentication device made for iPhones. This gives Apple users true two-factor authentication.

Using Two-Factor Authentication on Old Apple Devices

· Andrew Orr · Link

Glenn Fleishman has a good tip on how to use Apple’s two-factor authentication on older devices that don’t support it.

But 2FA and outdated versions of Apple TV, iOS, and macOS don’t mix. You try to log in on those devices with your Apple ID and popups with codes may appear on other devices, but there’s no way to enter it on the piece of equipment from which you’re trying to log in. Fortunately, there’s a simple workaround.

I always forget about the manual method.

How to Enable Instagram Two-factor Authentication

· Jeff Gamet · Quick Tip

Instagram two-factor authentication setup on iPhone

Instagram accounts are getting hacked in big numbers right now so you should enable two-factor authentication on your account. Read on to learn how.