Security News
The Google Authenticator 2FA app has featured strongly in cybersecurity news stories lately, with Google adding a feature to let you backup your 2FA data into the cloud and then restore it onto other devices. The six-digit codes commonly generated by 2FA apps get calculated right on your phone, not on your laptop; they're based on a "Seed" or "Starting key" that's stored on your phone; and they're protected by the lock code on your phone, not by any passwords you routinely type in on your laptop.
Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync their codes to their Google account. They can later be seamlessly synced to a new device once the Google Authenticator app is installed on it and connected to the users' Google account.
The Google Authenticator app has received a critical update for Android and iOS that allows users to back up their two-factor authentication one-time passwords to their Google Accounts and have multi-device support. Google Authenticator is an immensely popular authentication app with over 100 million installs that lets users generate these one-time passwords for 2FA verification.
Joe Burton, CEO of digital identity authentication company Telesign, spoke with TechRepublic about how the "Fuzzy" realm between statistical analysis and artificial intelligence can fuel global, fast and accurate identity management. Burton said the company is looking forward, with big plans to use new technologies and services powered by AI to set itself apart from competitors.
Security researchers discovered a new malicious browser extension called Rilide, that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge. Researchers at Trustwave SpiderLabs found that Rilide mimicked benign Google Drive extensions to hide in plain sight while abusing built-in Chrome functionalities.
Starting March 13, GitHub will gradually introduce the 2FA enrollment requirement to groups of developers and administrators, beginning with smaller groups. In case your account is selected for enrollment, you will receive a notification via email and see a banner on GitHub.com requesting you to enroll in 2FA. You will have a 45-day window to configure 2FA on your account, and before that date, you can continue to use GitHub as usual except for the occasional reminders.
GitHub will start requiring active developers to enable two-factor authentication on their accounts beginning next week, on March 13. The gradual rollout will start next week with GitHub reaching out to smaller groups of administrators and developers via email and will speed up as the end of the year approaches to ensure that onboarding is seamless and users have time to sort out any issues.
On Android, Google offers its own authenticator app, unsurprisingly called Google Authenticator, that you can get from Google Play. Google's add-on app does the job of generating the needed one-time login code sequences, just like Apple's Settings > Passwords utility on iOS. But we're going to assume that at least some people, and possibly many, will perfectly reasonably have asked themselves, "What other authenticator apps are out there, so I don't have to put all my cybersecurity eggs into Apple's basket?".
Using texts is insecure for doing 2FA, So if you want to keep it up you're going to have to pay. The bulletin says that "After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method. At that time, accounts with text message 2FA still enabled will have it disabled."
Twitter has announced that starting with March 20, users who don't pay the Twitter Blue subscription will no longer be able to use the SMS-based two-factor authentication option. Twitter CEO Elon Musk further explained the rationale behind the move by claiming that "Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages."