Tag: two factor authentication

Categories
Mobile Syrup

Today is Twitter’s deadline to switch from SMS 2FA or pay for Blue

Twitter is making changes to its two-factor authentication (2FA) method, the security feature that is designed to enhance account security by requiring an additional authentication method to grant access to the account.

Twitter wants users with ‘Text Message’ as their preferred 2FA method to switch over to authenticator apps, like Google Authenticator or Authy, on March 20th, as reported by The Verge.

“This additional step helps make sure that you, and only you, can access your account,” wrote Twitter in a blog post on February 15th, 2023. After March 20th, Twitter will still offer text message-based 2FA, but it will be locked behind the Twitter Blue paywall.

Users who don’t change their 2FA method, and don’t pay for Twitter Blue either will have 2FA removed from their accounts. According to the company, text message 2FA is the most insecure form of authentication, and phone-number-based 2FA can be abused by bad actors by using methods like SIM Swapping.

It’s worth noting, however, that disabling text message 2FA will not automatically disassociate your phone number from your Twitter account.

“We encourage non-Twitter Blue subscribers to consider using an authentication app or security key method instead. These methods require you to have physical possession of the authentication method and are a great way to ensure your account is secure,” wrote Twitter.

Learn more about 2FA on Twitter here.

Source: Twitter, Via: The Verge

Categories
Mobile Syrup

Facebook to require users at risk of being hacked to enable 2FA

Meta’s Facebook social media platform will soon require users at risk of being hacked, such as human rights activists, politicians and journalists, to enable two-factor authentication (2FA).

As reported by Engadget, the move comes as part of an update to Facebook’s ‘Protect‘ program, which was designed to offer extra security to at-risk accounts. The Protect program will require participants to turn on 2FA, with U.S. members needing to do so by mid or late February. Presumably, people in other countries will also have a deadline to enable 2FA depending on when Protect rolls out to them.

Facebook told Engadget that it worked to make 2Fa enrollment “as frictionless as possible.” While Facebook is aware it’ll take time for all users to comply with the rule, it seems pleased with results so far.

“So far, it’s actually going very, very well we’re seeing well above 90% of people successfully enabling ahead of that mandatory period,” Meta’s head of security policy, Nathaniel Gleicher, said. Moreover, Gleicher told Engadget that over 1.5 million users enrolled in the program so far, and 950,000 have switched on 2FA. Still, 2FA remains an underutilized security feature on Facebook — only 4 percent of the platform’s monthly active users have it enabled.

2FA, for those not familiar with the term, refers to various secondary methods of authentication for online accounts. If you’ve ever tried to log in to an online account and been asked to type in a code sent to you by email or text message, you’ve used a variant of 2FA. When coupled with a strong password, 2FA can help make online accounts more secure since a hacker would need both your password and a secondary, typically temporary, authentication.

That said, 2FA isn’t perfect. Malicious actors have started using attacks like SIM swapping to gain access to victims’ phone numbers and intercept 2FA codes. Because of this, using a smartphone app or a security key to handle 2FA instead of relying on SMS or email to receive 2FA codes is more secure.

Facebook first started testing Protect in 2018, then offered it to U.S. politicians ahead of the 2020 election. Since then, Facebook has expanded the program and is on track to make it available in over 50 countries by the end of 2021, including the U.S. and India.

You can learn more about Facebook Protect here.

Source: Engadget

Categories
Mobile Syrup

Google to auto-enroll millions of accounts in two-factor authentication

Source: https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/

Google has put out another blog post reminding people that it will soon enable two-factor authentication (2FA) for millions of users by the end of the year.

2FA, or two-step verification as Google calls it, is a security protocol that can help protect online accounts by requiring a second method of authentication when the user signs in. In most cases, this refers the codes texted to people’s phones after they log into a website.

According to Google’s blog post, the search giant plans to auto-enroll an additional 150 million Google users in 2FA by the end of the year. It also plans to require 2 million YouTube creators to enable 2FA.

Along with that announcement, Google detailed several other ways it’s working to protect users’ accounts. For example, Google builds security keys into Android phones and offers similar functionality to iPhone users with Google Smart Lock. The search giant also detailed improvements to the password manager built into the Chrome browser, such as auto-fill options for iOS and Android users.

These things are all steps in the right direction for improving security. However, it’s also worth noting that 2FA can be an imperfect solution, especially when used over text.

SIM swap attacks are a common way for hackers to take over a victim’s phone number and intercept incoming 2FA messages to gain access to online accounts. It’s a prevalent issue in Canada, with the CRTC recently revealing it documented over 24,000 cases of potential phone number fraud between August 2019 and May 2020.

That’s part of why Google’s pushing users to use security keys and, in turn, is building them into devices. At a basic level, security keys are little USB sticks that users can plug into a computer to authenticate themselves. By turning smartphones into security keys, Google’s offering a convenient, secure alternative to SMS-based 2FA.

If you haven’t enabled 2FA on your Google account yet, here’s how to do it:

  • Head to myaccount.google.com
  • Click ‘Security’
  • Scroll down to ‘Signing in to Google’ and click ‘2-Step Verification.’
  • Follow the steps to set it up.

Image credit: Google

Source: Google Via: The Verge