Tag

Totp

All articles tagged with #totp

cybersecurity | 2 years ago

Avoiding Two Factor Authentication Mistakes and Malware.

Two-factor authentication (2FA) is an essential security measure, but implementing it correctly can be challenging. Authenticator apps generate a time-dependent six-digit number using a secret key, but the safety of the TOTP keys relies on the authentication server not getting hacked. Most cellphone-based authenticator apps phone home, and some even send personally identifiable data about users back to the provider. Open-source apps like Red Hat's FreeOTP and Aegis Authenticator are recommended for those concerned about privacy.

password-security-authentication | 2 years ago

Google Authenticator Introduces Cloud Sync for Two-Factor Codes

Google has updated its Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time password (TOTP) codes to the cloud. The cloud sync feature is optional, meaning users can opt to use the Authenticator app without linking it to a Google account. The update finally brings the app in line with Apple's iCloud Keychain and addresses a long-standing complaint that the app is tied to the device on which it's installed, making it a hassle when switching between phones.

cybersecurity | 2 years ago

Beware of Latest Phishing Threats: Authenticators and Open Source Kits Vulnerable

Criminals are using software that sells for as little as $300 to deploy phishing campaigns that can bypass some forms of multi-factor authentication (MFA), including those that use time-based one-time passwords (TOTPs). The software, which is responsible for more than 1 million malicious emails each day, uses a technique known as adversary-in-the-middle (AitM) to place a phishing site between the targeted user and the site they are trying to log in to. The most effective barrier to account takeovers is MFA based on the industry standard known as FIDO2.