Wednesday, July 25, 2018

Google makes a solid case for use of physical security keys instead of SMS-based Two-Factor Authentication



Google’s 89,000+ employees have not suffered a Phishing attack on their official Google accounts since 2017, when the company first implemented Two-Factor Authentication using physical security keys. Physical or hardware security keys, popularly known as U2F keys (Universal 2nd Factor), come in the form of USB dongles that can be inserted at the time of login to authenticate an account. 

According to a report by Krebs on Security, work accounts of Google employees have not been subject to phishing attacks in the past 10 months thanks to all of them switching to a physical security key and ditching SMS-based two-factor (2FA) authentication. Commenting on the report, a Google spokesperson said, “We have had no reported or confirmed account takeovers since implementing security keys at Google.” “Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time,” the person added. Google introduced 2FA using hardware security keys through its Advanced Protection Programme in October last year. If a users is enrolled to use a U2F key, other forms of authentication like SMS, OTP, and even the Google Authenticator app are disabled. Currently, Firefox, Chrome, and Opera browsers supports physical security keys to provide access to services like Gmail, Google Photos, GitHub, Facebook, and other. 

Once a device is enrolled for a specific website that supports security keys, users no longer needs to enter their password on that site (unless they try to access the same account from a different device, in which case it will ask the user to insert their key). Here is how you can use a U2F key to access your Google account. You can also head here to check if a website support U2F keys. 

Note that you will have to purchase a security key in order to access this service. Physical security keys are easily available online and cost anywhere between Rs 1,500 - Rs 10,000, depending on the type of key (Only USB or USB and Bluetooth/Wi-Fi) you purchase. A recent report on SIM hacking to bypass Instagram’s SMS-based 2FA made it clear just how easy it is to get by the ageing authentication mechanism. Instagram, too, is testing other app-based authentication methods to enhance security on the platform. 

Physical security keys are the need of the hour as it is increasingly becoming common for hackers to gain access to users’ accounts by impersonating the users and pretending they have been locked out of their accounts.

from Latest Technology News https://ift.tt/2mDJdoa

MAXIT INTERNET

BLOGGER

CD DVD RW

DELL

DOWNLOAD

FTP Server Linux

HACK

HARD DRIVE

HOW TO WORKIN

HARDWAER

INTERNET

INTERNET CAFE

LAPTOP

LENOVO

LINUX

Additional configuration for Samba Server (Part 2)  

BSNL/Airtel/Idea using Huawei E156G 3g Wireless USB Linux 5   

Basic File Extensions    CHANGING AN ACCOUNT EXPIRATION DATE   

Configure Linux as a Router   

Configure SAMBA Server (Part-1)   

Configure VNC server   

Configure Yum Server (Part-1)   

Configure yum server for Client machine (Part 3)   

Configuring Samba as a Standalone Server (Part 3)  

Connecting ftp Server with Anonymous User Part 5  

Create ftp account with Shared directory Part 3  

DHCP Server Configuration Part 2  

DHCP Server Configuration Part-1  

DHCP Server Configuration Part-3  

Enabling FTP Services in Yum Server (Part 5)  

FTP Server Configuration Part 1  

FTP Server How to Change In Primary DNS Server Part 2  

HTTP Client side configuration (Part 4)  

How to Vsftpd conf files Parameter Part 6   

LINUX FILE SYSTEM STRUCTURE  

Linux User Administrtion  

Linux as a Router configuration for Client Machine   

Linux client machine FileZilla FTP Client Part 4  

Local Yum Server (Part 2)  

Modifying Existing User Information  

Primary DNS Server Configuration Part-1  

Primary DNS Server Configuration Part-2    

Primary DNS Server Configuration Part-3  

Remove Linux From Your Pc Safely and restoring your MBR  

Sharing & Accessing Samba Share (Part 4)   

Speeding up your internet connection under Linux and Windows   

THE ROOT FILE SYSTEM   

VNC Server Configuration

LINUX LAB

Linux as a Router

MOTHERBOARD

Mobile

NETWORKING

REDHAT 5

REGISTRY EDTOR

RESET BIOS PASSWORD

SAMBA Server Linux

SERVER

SERVER CONFIG

SOFTWAER

VNC server Linux

Window 10

Window XP