![]() On Android, Google offers its own authenticator app, unsurprisingly called Google Authenticator, that you can get from Google Play. If you’re using an iPhone, the password manager built into iOS can generate 2FA codes for you, for as many websites as a you like, so you don’t need to install any additional software. If you’re in the second camp, we’re hoping you won’t just give up on 2FA and let it lapse on your Twitter account, but will switch to an app to generate those six-digit codes instead.Īnd if you’re in the first camp, we’re hoping that the publicity and debate around Twitter’s change (was it really done for security reasons, or simply to save money on sending so many SMSes?) will be the impetus you need to adopt 2FA yourself. Those who went for app-based 2FA, because they were reluctant to hand over their phone number, or had already decided to move on from text-message 2FA.Those who turned on SMS-based 2FA, because it’s simple, easy to use, and works with any mobile phone.Those who don’t use 2FA at all, because they consider it an unnecessary additional hassle when logging in.Those users will therefore already have switched away from from SMS-based or app-based 2FA.īut everyone else, we’re guessing, falls into one of three camps: We’re therefore willing to assume that anyone who has already invested in a hardware security token will have done so on purpose, and won’t have bought one to leave it sitting idly around at home. Hardware security keys cost about $100 each (we’re going by Yubikey’s approximate price for a device with biometric protection based on your fingerprint), or $50 if you’re willing to go for the less-secure sort that can be activated by the touch of anyone’s finger. That means using an app that generates a secret “seeded” sequence of one-time codes, or using a hardware token, such as a Yubikey, that does the cryptographic part of proving your identity. The rest of us need to switch over to a different sort of 2FA system within the next three weeks (before Friday ). …but those pay-to-play users will be allowed to keep using text messages (SMSes) to receive their 2FA codes. Ironically, as we explained last week, the very users for whom you’d think this change would be most important are the “top tier” Twitter users – those who pay for a Twitter Blue badge to give them more reach and to allow them to send longer tweets… Twitter recently announced that it doesn’t think SMS-based two-factor authentication (2FA) is secure enough any more. The featured image above is based on one of their tweets, which you can see in full below. The duo describe themselves as “two iOS developers and occasional security researchers on two continents.” In other words, although cybersecurity isn’t their core business, they’re doing what we wish all programmers would do: not taking application or operating system security features for granted, but keeping their own eyes on how those features work in real life, in order to avoid tripping over other people’s mistakes and assumptions. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.Thanks to Tommy Mysk and Talal Haj Bakry of for the impetus and information behind this article. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too. He has also been published in print for Macworld, including cover stories. Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more.
0 Comments
Leave a Reply. |