Troy Hunt

NOVEMBER 14, 2018

For example, if you physically have someone's mobile phone in your hand and it's unlocked, you could login to an account by initiating a password reset, receiving the email in their email client then entering the "2nd factor" token sent via SMS or generated by a soft token app on the device. Google's implementation is just lovely.

Passwords 271

Passwords Authentication Accountability Mobile 271

Spinone

MARCH 25, 2019

Utilizing 2-Step Verification greatly enhances Google login security Review Google Account App Permissions An extremely dangerous security threat exists in “App permission” that have access to your Google account. App permissions are typically granted on mobile devices.

Backups 67

Backups Accountability Passwords Authentication 67

Malwarebytes

JANUARY 10, 2024

This would suggest the compromise was the result of a SIM swapping attack, where an attacker takes control of a phone number by convincing a mobile carrier to transfer the victim’s phone number to a SIM card they own. Although apparently the SEC did not have 2FA enabled for its X account! You’re all set.

Accountability 109

Accountability Scams Hacking Cryptocurrency 109

SecureWorld News

AUGUST 5, 2023

Multi-factor authentication (MFA) is a fundamental component of best practices for account security. It is a universal method employed for both personal and corporate user accounts globally. Take, for instance, Google's account security settings which allow you to download a list of backup codes intended for future use.

Social Engineering 98

Social Engineering Authentication Passwords Accountability 98

Google Security

MAY 11, 2022

Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: browsers get better , encryption becomes ubiquitous on the Web , authentication becomes stronger. Even though security keys work great, we don't expect everyone to add one to their keyring.

Phishing 108

Phishing Scams Authentication Accountability 108

Approachable Cyber Threats

JANUARY 24, 2022

Other examples of “something you know” may include a PIN (like for your ATM card) or the answer to a security question (“What’s your mother’s maiden name?”). What happens here is, you provide your mobile phone number to the service, and they register it and associate it with your account.

Authentication 98

Authentication Passwords Accountability Mobile 98

Identity IQ

JULY 17, 2024

Another version of hardware tokens can store your credentials and can be physically connected to your devices, such as your laptop or mobile device, to verify your identity and let you access authorized systems. These are often used to verify the identity of IT personnel or other security workers before they access workplace systems.

Authentication 52

Authentication Identity Theft Accountability Passwords 52