Category: Authentication

July 26, 2016
Attack Can Steal Keystrokes From Hundreds of Feet Away
Wireless keyboards from several top manufacturers, including HP, Kensington, and Toshiba, are susceptible to an attack that allows anyone within range to eavesdrop and record every keystroke made on the devices. The vulnerability is a result of the manufacturers failing to implement encryption between the keyboard and the computer, and it allows an attacker to intercept…
Read More →
July 26, 2016
NIST Plans to Drop SMS for Two-Factor Authentication
UPDATED–The move toward two-factor authentication and two-step verification for high-value services has been a positive one for user security, but many of those services use SMS as the channel for the second step in the authentication process, a method that the United States government is preparing to recommend against using. The National Institute of Standards and Technology…
Read More →
July 22, 2016
PayPal, Visa Partner for Improved Payment Security
PayPal is forming a new partnership with Visa for digital payments, a deal that will allow consumers to use their Visa cards as easily as PayPal in electronic transactions. The new agreement will see PayPal avoiding ACH transactions in some cases, a significant change for the company, which historically has used the network. The ACH…
Read More →
July 18, 2016
Making Money by Abusing Phone-Based Two-Step Verification
A security researcher has discovered a method that would have enabled fraudsters to steal thousands of dollars from Facebook, Microsoft, and Google by linking premium-rate numbers to various accounts as part of the two-step verification process. Arne Swinnen discovered the issue several months ago after looking at the way that several of these companies’s services…
Read More →
July 8, 2016
Facebook Messenger Gets End-to-End Encryption
Facebook is planning to begin a test of end-to-end encryption for its Messenger service, which could eventually bring encrypted conversations to the company’s more than 1.5 billion users. The test is due to begin today, according to reports, and will involve a small fraction of the Facebook user base at the beginning. Facebook Messenger is the…
Read More →
June 21, 2016
Google Simplifies Two-Step Verification
Google is changing the way that users of its Gmail and other apps use its two-step verification process, making it easier for users to approve or deny new logins. Currently, users who have two-step verification enabled have to enter a short code from an app or use a hardware token in order to log in…
Read More →
June 9, 2016
32 Million Twitter Credentials Dumped Online
A massive cache of credentials and email addresses associated with Twitter accounts has been posted for sale online, but Twitter officials say the information did not come from a breach of the company’s network. The database of more than 32 million passwords and email addresses–including many plaintext passwords–was offered for sale on an underground forum…
Read More →
June 8, 2016
On the Wire Podcast: Jessy Irwin on Password Security
In this episode, Dennis Fisher talks with Jessy Irwin about the recent rash of data breaches and credential dumps and why humans are still so terrible at password security. The conversation touches on alternatives to traditional passwords, the limits of two-factor authentication, and he or if thing might actually improve. Music by Chris Gonsalves and…
Read More →
May 26, 2016
Microsoft Hates Your Password
As stolen passwords and account information continue to flood the Internet, making life easier for lazy attackers, Microsoft is planning to roll out a new service on its Azure cloud platform that will prevent customers from using common passwords. The change is not just a requirement that users employ long or artificially complex passwords, but…
Read More →
May 24, 2016
Google Project Abacus Aims to Replace Passwords on Android
Within the next six months, all Android developers likely will have access to a Google API stemming from its Project Abacus that aims to replace the password with a multi-modal system as the primary authenticator for mobile users. The idea behind the system is two-fold: passwords are rapidly approaching uselessness; and biometric identifiers are now…
Read More →