Tag Archives: authentication

How To Hack Twitter’s Two-Factor Authentication

Posted by on May 25, 2013 No comments

An anonymous reader writes with this excerpt from PC Mag’s SecurityWatch: “We’ve pointed out some problems with Twitter’s new two-factor authentication. For example, since just one phone number can be associated with an account, Twitter’s two-factor authentication won’t work for organizations like the Associated Press, The Onion, or The Guardian. They were hacked; they could still be hacked again in the same way. However, security experts indicate that the problem is worse than that, a lot worse.”

Read more of this story at Slashdot.




Slashdot

Two-factor authentication: What you need to know (FAQ)

Posted by on May 24, 2013 No comments

Twitter just got it. Apple recently got it, too. Google, Microsoft, Facebook, and Amazon have had it for a while. But why’s two-factor authentication important, and will it keep you safe? [Read more]

    




CNET News

Kim Dotcom Claims He Invented Two-Factor Authentication, Has A Patent To Prove It

Posted by on May 23, 2013 No comments

kim dotcomOh, Kim Dotcom. You just never stop surprising us.

Just hours after Twitter finally rolled out its long-awaited Two-Factor authentication, the Megaupload founder is claiming to have invented the entire mechanism… and he’s got a patent to prove it.

TechCrunch

Microsoft Hops On Two-Factor Authentication Bandwagon

Posted by on April 17, 2013 No comments

itwbennett writes “Following similar initiatives by Apple, Google and Facebook, Microsoft is enabling two-factor authentication for its Microsoft Account service, the log-on service for many of its online and desktop products. Users will find instructions on how to add a second form of authentication on the Microsoft Account settings page. The chief form of secondary authentication will be a short code sent to the user’s mobile phone, the number of which Microsoft will keep on file, each time the user logs on.”

Read more of this story at Slashdot.




Slashdot

Security experts applaud Apple’s new two-factor authentication

Posted by on March 23, 2013 No comments

Apple this week followed the lead of rivals like Facebook, Google and Microsoft, offering two-step authentication to help customers secure their Apple IDs against hacking.
Computerworld News

Authentication System Would Use the Body to Secure Guns and Gadgets

Posted by on March 8, 2013 No comments

With Microchip’s BodyCom technology, the human body is the medium for short-range authentication.

Leave a gun lying around, and anyone who picks it up could fire it. That could change, though, with newly announced technology from Microchip Technology, which uses the body as part of a secure authentication process.







New on MIT Technology Review

Evernote plans two-factor authentication following last week’s hack

Posted by on March 5, 2013 No comments

Evernote plans twofactor authentication following last week's hack and password reset

In a move that’s often more reactive than proactive these days, Evernote has shared plans to add two-factor authentication to its login process. This latest announcement follows last week’s hacking attack and subsequent site-wide password reset, and will be available to all of the site’s 50 million users beginning later this year, according to an InformationWeek report. It’s too early to say exactly how the Evernote team plans to implement the new security feature, whether through a dedicated app or text message password, but given the service’s scale, we can likely count out a hardware fob option, at least. For now, your best course of action is to create a secure password, or, if you’re especially paranoid, you may consider delaying your return until the security boost is in place.

Filed under:

Comments

Source: InformationWeek

Engadget RSS Feed

Bypassing Google’s Two-Factor Authentication

Posted by on February 26, 2013 No comments

An anonymous reader writes “The team at Duo Security figured out how to bypass Google’s two-factor authentication, abusing Google’s application-specific passwords. Curiously, this means that application-specific passwords are actually more powerful than users’ regular passwords, as they can be used to disable the second factor entirely to gain control of an account. Duo [publicly released this exploit Monday] after Google fixed this last week — seven months after initially replying that this was expected behavior!”

Read more of this story at Slashdot.




Slashdot

Apple applies for image-based authentication patent

Posted by on February 7, 2013 No comments

The company’s technology displays an image and requires a user to match it in order for a device to be unlocked. [Read more]


CNET News

Blizzard Sued Over Battle.net Authentication

Posted by on November 10, 2012 No comments



An anonymous reader writes “A man has initiated a class-action suit against Blizzard over a product used to shore up Battle.net security. Benjamin Bell alleges that Blizzard’s sale of Authenticators — devices that enable basic two-tier authentication — represents deceptive and unfair additional costs to their basic games. (Blizzard sells the key fob versions for $ 6.50, and provides a free mobile app as an alternative. Neither are mandatory.) The complaint accuses Blizzard of making $ 26 million in Authenticator sales. In response, Blizzard made a statement refuting some of the complaint’s claims and voicing their intention to ‘vigorously defend’ themselves.”

Read more of this story at Slashdot.


Slashdot

Apple’s Lightning authentication chip successfully cloned

Posted by on October 9, 2012 No comments

A couple of weeks ago, we told you about how Apple planted authentication chips inside their new Lightning cables to prevent third-party manufacturers from making Lightning cables of their own. However, it was only a matter of time before we would see the chip get cloned, and it looks like today is the day. Chinese

Read The Full Story
SlashGear

Microsoft buys PhoneFactor, adds smartphone authentication to its cloud services

Posted by on October 5, 2012 No comments

Microsoft buys PhoneFactor, adds smartphone authentication to its cloud services

With a hand-in-glove relationship with the world of business, it’s key that Microsoft ensures it can keep companies data safe. That’s what prompted Steve Ballmer to whip out his checkbook to snap up PhoneFactor, a multi-factor authentication company that uses smartphones instead of code-generating security tokens. With its new toy, Redmond plans to integrate the feature into its services like SharePoint, Azure and Office 365, letting users sign on with their own device as a key element of the signing in process.

Filed under: , ,

Microsoft buys PhoneFactor, adds smartphone authentication to its cloud services originally appeared on Engadget on Fri, 05 Oct 2012 06:28:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceMicrosoft  | Email this | Comments
Engadget

Graphics Cards: the Future of Online Authentication?

Posted by on October 2, 2012 No comments



Gunkerty Jeb writes “Researchers working on the ‘physically unclonable functions found in standard PC components (PUFFIN) project’ announced last week that widely used graphics processors could be the next step in online authentication. The project seeks to find uniquely identifiable characteristics of hardware in common computers, mobile devices, laptops and consumer electronics. The researchers realized that apparently identical graphics processors are actually different in subtle, unforgeable ways. A piece of software developed by the researchers is capable of discerning these fine differences. The order of magnitude of these differences is so minute, in fact, that manufacturing equipment is incapable of manipulating or replicating them. Thus, the fine-grained manufacturing differences can act as a sort of a key to reliably distinguish each of the processors from one another. The implication of this discovery is that such differences can be used as physically unclonable features to securely link the graphics cards, and by extension, the computers in which they reside and the persons using them, to specific online accounts.”

Read more of this story at Slashdot.


Slashdot

KDDI’s smartphone palm authentication app unveiled at CEATEC 2012 (hands-on)

Posted by on October 2, 2012 No comments

KDDI's smartphone palm authentication app unveiled at CEATEC 2012 handson

Sidestepping lockscreen codes and fingerprint scanners — and without any new hardware demands — KDDI has unveiled a new palm authentication app that takes advantage of the high-resolution camera on its Android smartphones. Scanning in tandem with the flash, we gave it a try on a HTC J, here at CEATEC in Japan. After a brief setup, which involves positioning your hand to fit between some red markers, the phone was soon calibrated to our hands. Then, after locking the device, attempting to unlock it will send you to the palm authentication screen, seen above, where (hopefully) only your mitts will be able to gain access.

The time it takes to check your hand remains a little longer than it would take you to drum in your typical four-digit PIN, but in our brief test, it was able to discriminate between two Engadget editors’ hands. Better still, you’ll be able to give the app a try yourself tomorrow, when it goes on free trial on Google Play. Until it does, see how it’s all meant to work in our hands-on video after the break.

Gallery: KDDI Palm recognition hands-on at CEATEC 2012

Continue reading KDDI’s smartphone palm authentication app unveiled at CEATEC 2012 (hands-on)

Filed under: ,

KDDI’s smartphone palm authentication app unveiled at CEATEC 2012 (hands-on) originally appeared on Engadget on Mon, 01 Oct 2012 21:40:00 EDT. Please see our terms for use of feeds.

Permalink   |   | Email this | Comments
Engadget

Twitter Gives Devs 6 Months To Display Tweets Properly, Use New Authentication and Rate Limts

Posted by on August 16, 2012 No comments

twitter-bird-calloutSo there Twitter goes, messing with its API. In the effort of creating a “more consistent Twitter experience,” the company said it is placing restrictions around how the API is used. With a new version of the API coming in a few weeks, Twitter announced the changes on its developers blog today. And it’s saying devs have six months to implement changes, or risk being shut out.

Prior to the changes, developers could access the Twitter API anonymously, without having to register or let the company know how it was using that data. Well, no more of that. Twitter says that to limit malicious use of the API, and to better understand the apps that are accessing it, the company will require every request to be authenticated.
TechCrunch

PlayThru hopes to kill text captchas with game-based authentication

Posted by on May 4, 2012 No comments

Image

At their worst, captchas are impossible to decipher; at their best, they’re… fun? A startup called Are You a Human has developed PlayThru, an alternative to text-based authentication. Instead of requiring the user to type some blurry, nonsensical word, PlayThru has them play a mini-game, such as dragging and dropping a car into an open parking spot. The startup says this method is more secure than word captchas — since automated bots have a harder time solving these image-based puzzles — and more fun, because users generally have a better time when their ability to identify letters isn’t called into question. PlayThru has been in beta for several months and is currently available as a free download. On May 21st, the solution will officially launch on both PCs and smartphones. Click through to the source link to try out the captcha alternative for yourself.

PlayThru hopes to kill text captchas with game-based authentication originally appeared on Engadget on Thu, 03 May 2012 23:49:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceAre You a Human  | Email this | Comments
Engadget

TSA Tests Automated ID Authentication

Posted by on April 23, 2012 No comments



CowboyRobot writes “Last year, a Nigerian man boarded a plane from N.Y. to L.A. using an invalid ID and a boarding pass issued to another person. A week later he was caught again with 10 expired boarding passes. In response to this and similar events, the Transportation Security Administration has begun testing a new system at Washington’s Dulles International Airport that verifies an air traveler’s identity by matching photo IDs to boarding passes and ensures that boarding passes are authentic. The test will soon be expanded to Houston and Puerto Rico.”

Read more of this story at Slashdot.


Slashdot

Scammers Work Around Two-Factor Authentication With Social Engineering

Posted by on December 6, 2011 No comments



mask.of.sanity writes “Thieves have made off with $ 45k after they intercepted a victim’s two factor online banking codes used to verify large transactions. The scammers got the Australian executive’s mobile number from his daughter, and work place details from his willing secretary. Armed with this data, they bluffed Vodafone which ported his phone number, meaning the criminals could verify the bank’s two factor verification codes generated during their spending spree and the victim never knew a thing.”

Read more of this story at Slashdot.


Slashdot

PhoneFactor delivers iOS app for authentication

Posted by on December 6, 2011 No comments

PhoneFactor, an authentication system that uses mobile phones as a second factor for improved security, is now available as an app for Apple's iPhone and iPad.
Computerworld News