authentication

A group of tech companies looking to replace passwords for online identity authentication gained a powerful ally Tuesday in the form of Google.

The consortium, called the Fast IDentity Online Alliance (FIDO), is working to develop standards-based alternatives for verifying a user's identity when trying to login to Web sites and online accounts. Formed in 2012, the group proposes specifications that will support a variety of authentication technologies, including biometrics such as fingerprint scanners and voice and facial recognition, as well as security tokens, near field communication, and one-time passwords.

The Web giant joins founding members Lenovo, PayPal, Nok … Read more

Microsoft started rolling out its two-step verification process on April 17. Also known as two-factor authentication or two-step authentication, the process strengthens your account security by requiring you to enter your password (step 1), then a security code (step 2). The security code can be sent to you by e-mail, SMS, or phone call, or you can use an authenticator app on your mobile device.

Enabling two-step verification on your Microsoft account will enable it across all Microsoft services that currently support two-step verification, like Windows, Outlook.com, Office, and SkyDrive. If you're interested in trying it out, here'… Read more

There have been hints for the past week-plus -- courtesy of Liveside.net -- that Microsoft was poised to roll out two-factor authentication for its Microsoft Accounts. On April 17, Microsoft did just that.

The company is calling this security process "two-step verification." Microsoft is making available two-step verification across all products and services accessible via a Microsoft Account. This includes Windows, Windows Phone, Xbox, Outlook.com, SkyDrive, Office, and more. The rollout will be happening over the "next couple of days," according to the company.

(Microsoft Account is the new name for Microsoft's Live … Read more

Microsoft will toughen up its products' security by adding dual-factor authentication "soon," according to a report today by Liveside.net.

Judging by details in the Microsoft-focused blog, the approach closely mirrors what Google did years ago: authorization requiring both a password (the first factor) and a special six-digit code retrieved from an authenticator app on a person's smartphone (the second factor). The smartphone code changes frequently so it can't be used for long.

Microsoft offered only this comment today: "Security and privacy is a priority for Microsoft, however we have nothing new to share at … Read more

Apple took a big step in helping Apple ID users in securing their accounts this week with offering two-step verification.

Two-step verification (or authentication as it's commonly referred to) adds an additional barrier of security between would-be hackers and your account. The extra barrier comes in the form of a four-digit code, which will be sent to a device of your choosing via the Find My iPhone app or SMS, after you've entered your password.

Step one: To add the extra layer of security to your account you'll need to visit the Apple ID settings page on … Read more

Apple today added an extra layer of security to its Apple ID system that can harden the password people use to log in to various Apple services.

Users with an Apple ID can now sign up for two-step verification of their password, a system that sends a four-digit passcode by text message to a user's phone, and must be used on top of a regular password. In practice, this could keep an account from being compromised by an attacker, unless that person had access to the mobile device too.

The move comes a little less than a year after … Read more

The Federal Trade Commission said today that it will convene a one-day event on security-related "threats to mobile devices."

The event, to be held on June 4 in the agency's Washington, D.C., conference center, will be the latest in a series of similar events that have focused on topics including online data collection and advertising. It's open to the public.

An announcement posted on the FTC's Web site says the event will likely include discussions of "emerging mobile security threats and trends, security challenges in the mobile environment and infrastructure, potential solutions to … Read more

One of the safest and simplest computer-security measures available is also one of the least used. Two-factor authentication adds a layer of protection to the standard password method of online identification. The technique is easy, relatively quick, and free. So, what's the problem?

Critics are quick to point out the shortcomings of two-factor authentication: it usually requires a USB token, phone, or other device that's easy to lose; you sacrifice some privacy by having to disclose your telephone number to a third party; and it is subject to man-in-the-middle and other browser- and app-based attacks.

Still, for online … Read more

In OS X you should be able to create and manipulate files on your system largely without being burdened to authenticate, especially if the files are within resources your account owns such as your home folder. However, after upgrading or otherwise performing changes to the system you may find that the system continually prompts you for a password when you try to manage your files.

Sometimes this issue may occur only when you perform certain tasks such as deleting files (as opposed to placing them in the trash), but at other times it may happen on any manipulation.

OS X … Read more