Zoom Will Be End-to-End Encrypted for All Users

Zoom is doing the right thing: it's making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) ...we have identified a ...

Chinese Hackers Bypassing Two-Factor Authentication

Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear, although the Fox-IT team has their theory. They said ...

On Security Tokens

Mark Risher of Google extols the virtues of security keys: I'll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify the site, ...

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, ...

Secure Guardrails