Google is finally addressing a big gap of its 2FA (two-factor authentication) code app by adding sync capabilities, with Google Authenticator also getting a new icon on Android and iOS today. This will make “one time codes more durable by storing them safely in users’ Google Account.”
Expand Expanding Close
Twitter’s latest move under Elon Musk is to start charging a fee for the use of SMS messages for two-factor authentication. To avoid that charge, here’s how to use Google Authenticator for Twitter two-factor authentication.
Expand Expanding Close
Security-minded individuals looking to simplify their two-factor authentication logins may want to take a look at LastPass’s new app today, LastPass Authenticator. The iOS App Store currently has a few different apps that can already handle two-factor authentication logins, like Google Authenticator and 1Password. Most of them come with the minor annoyance that once the app is launched, a user has to find the site’s login, and then type the OTP into the site before it expires. LastPass Authenticator looks to improve that experience by allowing users to quickly approve the new login requests directly from their devices.
There are still many unknowns surrounding the leaked celebrity nudes. While Apple appears to have ruled out a theory that a Find My iPhone vulnerability allowed easy brute-force password attacks, some commentators are suggesting that the wording was sufficiently vague that this may indeed have been one route in. (Apple might be arguing that it’s not a breach if the correct password was required.)
But one thing does now appear clear: rather than a single hacker gaining wide access to iCloud, the photos were instead amassed over time by a number of different individuals likely using several different approaches. Phishing was doubtless one of them – some of the claimed emails from Apple are reasonably convincing to a non-techy person – but another was almost certainly to exploit one of the greatest weaknesses found in just about every online service, including iCloud: security questions.
[Update: Tim Cook has confirmed these were the two methods used] …