twofactorauth.org – Computer Security Articles

Instagram’s New Security Tools are a Welcome Step, But Not Enough

August 29, 2018 admin Authy, Duo, Facebook, Google Authenticator, Google Voice, instagram, Security Tools, SIM swap, T-Mobile, two-factor authentication, twofactorauth.org

Credit to Author: BrianKrebs| Date: Wed, 29 Aug 2018 22:59:39 +0000

Instagram users should soon have more secure options for protecting their accounts against Internet bad guys. On Tuesday, the Facebook-owned social network said it is in the process of rolling out support for third-party authentication apps. Unfortunately, this welcome new security offering does nothing to block Instagram account takeovers when thieves manage to hijack a target’s mobile phone number — an increasingly common crime.

Independent Krebs

Reddit Breach Highlights Limits of SMS-Based Authentication

August 1, 2018 admin 2fa, Authy, data breaches, google, Google Authenticator, number port-out scams, Reddit breach, Security Keys, Security Tools, totp, twofactorauth.org, Yubico

Credit to Author: BrianKrebs| Date: Thu, 02 Aug 2018 00:55:17 +0000

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

Independent Krebs

Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage

June 5, 2018 admin data breaches, MyHeritage breach, Omer Deutsch, twofactorauth.org

Credit to Author: BrianKrebs| Date: Tue, 05 Jun 2018 19:50:12 +0000

MyHeritage, an Israeli-based genealogy and DNA testing company, disclosed today that a security researcher found on the Internet a file containing the email addresses and hashed passwords of more than 92 million of its users.

Independent Krebs

The Market for Stolen Account Credentials

December 18, 2017 admin A Little Sunshine, carder's paradise, credit freeze, seller's paradise, twofactorauth.org, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 18 Dec 2017 19:13:53 +0000

Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.

Independent Krebs

Stolen Passwords Fuel Cardless ATM Fraud

January 23, 2017 admin ATM fraud, avivah litan, cardless ATM, Chase bank, Fox28, gartner, Kristina Markula, Mike Fusco, Other, Regulation E, twofactorauth.org

Some financial instutitions are now offering so-called “cardless ATM” transactions that allow customers to withdraw cash using nothing more than their mobile phones. But as the following story illustrates, this new technology also creates an avenue for thieves to quickly and quietly convert stolen customer bank account usernames and passwords into cold hard cash. Worse still, fraudulent cardless ATM withdrawals may prove more difficult for customers to dispute because they place the victim at the scene of the crime.