Tag Archives: two-factor authentication

Apple Moving to 2FA, Six-Digit Passcodes in iOS 9

With each new release of iOS, Apple has been improving the security of the mobile operating system, adding new features, inserting exploit mitigations, and taking away avenues for attack. In the forthcoming iOS 9.0 release, the company is continuing this movement with the addition of two-factor authentication and a number of other security features. Last […]

Are you using a password that’s a decade old?

In the study by Telesign, web users had on average six passwords protecting 24 online accounts, another cause for concern. Using old or weak passwords across multiple sites can leave people vulnerable to attack.

Using the same password on multiple sites is one of the biggest mistakes that people can make in terms of Internet security. If a password for one account gets compromised then it can start a chain reaction that leaves other online accounts vulnerable to attack. With high profile data breaches regularly in the news, this is not as farfetched as it may sound.

Good password practice

There are three basic steps that we can all follow to help keep our online accounts safe:

Use a strong password

Creating a strong and memorable password doesn’t have to be difficult; we’ve outlined three easy steps in our password guide.

In the meantime, here are four common password mistakes to avoid.

Video: Password Mistakes to Avoid

Use a different password for each account

Here to explain why it’s always a good idea to use site-specific passwords is AVG Security Awareness Director Michael McKinnon:

Video: Use A Different Password for Each Site

Use Two-Factor authentication

Lastly, I suggest using two-factor authentication whenever it’s available. Two-factor authentication means that your password alone isn’t enough to access an account. Instead you’ll need a code sent to your phone or generated by an app to validate your identity.

Watch the video below to learn more:

Video: What is Two-Factor Authentication

Vine celebrity hacked

The account, which had more than 285 million “loops” to date, was compromised and hackers deleted every video linked to the account.

The hack comes just days after Phillips was in the news for making a living off sponsored Vines. A report on the BBC claimed that he was making as much as £12,000 per six-second clip.

While Phillips is working with Vine to try and restore his lost videos, it’s worth remembering that you don’t have to be a celebrity to be hacked.

Here are a couple of things you can do to help keep your online accounts safe from hackers.

 

Use Two-Factor Authentication

Two-Factor Authentication is a great way to protect your online accounts. Because it relies on a randomly generated code sent to your email or phone, it makes it very difficult for hackers to gain access.

Video: What is Two Factor Authentication

Don’t use the same username across all accounts

Make sure that you use different usernames across all your accounts so that if your credentials fall into the wrong hands, the risk is limited to only one site.

Also try not to use your real name in your username as this can help attackers verify your identity and be sure the account belongs to you.

 

Use a strong password

Passwords play a crucial role in protecting your online accounts from hackers. Here is a simple guide to creating a strong one:

Making a Strong Password

Is logging into your smartphone, websites, or apps with a fingerprint secure?

Fingerprint authentication is not as safe as you would think

Just because logging in with your finger is convenient doesn’t mean it’s the best method to use.

Some days ago we told you about increasing your security on sites and in services by using two-factor authentication. More and more services are using this two-factor login method. They require that you use “something you know” like a PIN or a password, “something you have” like a token app in your smartphone, and even “something you are” like your fingerprints, for instance.

Many top smartphones – starting with iPhone 5s and newer Androids – are moving to fingerprint authentication technology. That means you can unlock your phone using your finger. It’s more convenient than typing a PIN or password because you always have your finger with you (we hope!). And you would think that it is more secure than using a gesture or pattern to unlock it.

Unfortunately, it’s not. Here’s why:

The authentication process requires that a site or a service (or your smartphone) can recognize you by something you know: a PIN or a password. This information must be stored on the service’s server (or in hardware) and it must be matched; that is, the combination of two pieces (generally username and password) must match to allow access to the right person.

Both you and the service must know this secret combination. But that’s the problem: nowadays, a lot of sites and services have been compromised, and pairs of usernames and passwords have been hacked and sold on the black market.

But what about using your fingerprint? It’s the same scenario. The information about your finger and the technology to match your fingerprint are stored in servers. If they are hacked, your exact, and only, information would be in their hands.

It gets worse.

You can change your credentials to log into a site or service, but you can’t just change your finger! Well, most of us have 9 more chances after the first one is compromised, but still – there are more than just 10 services you want to use. You can change your passwords indefinitely, you can use a stronger password, you can use a password generation service – you’ve got the idea… But you don’t have that many choices with your fingerprint.

It gets even worse.

Everything you touch reveals you. You’re publishing your own secret.

Can you imagine banks or stores letting you use your fingerprint to gain access to your account without even a card? Coincidentally, just hours ago a news report was published saying the Royal Bank of Scotland and MasterCard recently made announcements regarding fingerprint authentication services. They announced that customers can log into the banks’ mobile banking app using their fingerprint. It’s interesting that this article says 16- to 24-year-olds are driving this decision because

they want to avoid security slowing down the process of making a payment, with 64% of those surveyed saying they found existing security irritating.

This decision by major banks does not give us confidence in the security of the younger generation and their bank accounts. We venture to wonder about the police with their databases full of prints. What could be done with millions of fingerprints stored by the government?

By the end of last year, young researchers from the Chaos Computer Club showed that your fingerprints could be obtained from photos of your hands and from anything you touched. See the full presentation in this YouTube video. If you are curious enough to watch the whole video, you’ll see that your iris could also be simulated with high-quality printed photos. The iPhone fingerprint hacking starts at 30:40. They took 2 days to develop the method and presented it in a few minutes. Amazing and scary.

Here’s another video with a quick summary of the research.

How to make yourself and your phone more secure

This blog is a source of great information. Earlier this month, we shared 14 easy things you can do right now to make your devices more secure. Please read 14 easy tips to protect your smartphones and tablets – Part I and Part II.

As always, make sure your Android device is protected with Avast Mobile Security. Install Avast Mobile Security and Antivirus from the Google Play store, https://play.google.com/store/apps/details?id=com.Avast.android.mobilesecurity

How to activate Two Factor Authentication on Apple services

This February Apple announced that they would be making Two Factor Authentication available on iMessage and FaceTime in a bid to help users secure their online identities.

What is Two Factor Authentication?

Two Factor Authentication is a method of securing your online accounts or services through the addition of another layer of security when you log in. This is usually a code which is sent to your mobile device, either in the form of a text message or via an app.

Video: What is Two Factor Authentication

Activating Apple’s Two Factor Authentication

Implementing Two Factor Authentication on Apple services is very straightforward.

 

  1. Go to My Apple ID.
  2. Select Manage your Apple ID and sign in.
  3. Select Password and Security.
  4. Under Two-Step Verification, select Get Started and follow the onscreen instructions.

 


For help and advice on implementing Two Factor Authentication on Apple services, I’d recommend visiting the official Apple FAQ page.

Celebrity hacks – why do they continue?

This week we saw yet another hack of a top celebrity, this time the Twitter account of pop star Taylor Swift. The bad guys, whoever they are, hacked the account, sent out messages, distributed personal information and claim to have personal pictures.


It’s not uncommon for accounts to be hacked, especially when the security is reliant on just a password, but Twitter offers users much more than this.

Most online services today offer two factor authentication as an additional layer of security. The concept is very simple: to log in you need to have something and know something. The most common use of this kind of authentication is your ATM card: you need the card and you need to know the number.

The same theory applies to online accounts. You enter your login and password, and then the service waits for you to type in a verification number that is automatically sent to your phone. The phone is something you have and the code is something you know. Of course, your phone is protected with a PIN, which adds yet another layer of security.

Video: What is Two Factor Authentication

Hacking a celebrity’s account would be difficult if they switched on this two factor authentication. Here lies the problem: celebrities may tweet some things themselves, but it’s likely that they have a team managing their social media accounts for them.

Having multiple people running an account prevents the use of two factor authentication as the code can be only sent to one phone.

I am sure I just upset many celebrity fans who thought that celebrities actually managed their own social accounts. The reality is that celebrities are busy people and social networks are marketing tools that their teams use to keep them in the news.

In the case of Taylor Swift, the hack may of course be more complex and someone could have cloned her phone. This would take effort, access to the device and would have put the hackers in a much riskier environment. I hope that they have secured the data and account and that the damage is limited as no one should be hacked. Having the right security settings is the best protection.

How to set up two factor authentication

  1. Log in to Twitter and go to settings. If you’re on a PC, this is reached by clicking on your picture in the top right corner.
  2. In the left hand menu select ‘Security and Privacy’.
  3. There are a few options, SMS to a phone or using the app. Select the one of your choice.
  4. Scroll down and save the changes.

I use the text-to-a-phone option, but either of the SMS or app options requires you and your phone to be together to access your account, so both offer effective protection.

Now that you have successfully enabled two factor authentication, your account should be a lot more secure.

Follow me on twitter @tonyatavg
