two-factor authentication

One of the safest and simplest computer-security measures available is also one of the least used. Two-factor authentication adds a layer of protection to the standard password method of online identification. The technique is easy, relatively quick, and free. So, what's the problem?

Critics are quick to point out the shortcomings of two-factor authentication: it usually requires a USB token, phone, or other device that's easy to lose; you sacrifice some privacy by having to disclose your telephone number to a third party; and it is subject to man-in-the-middle and other browser- and app-based attacks.

Still, for online … Read more

Did you read Mat Honan's tale of woe last week? The one where his Amazon, Apple, Gmail, and Twitter accounts were hacked and his digital life was eradicated?

If not, I strongly encourage you to read his story. In a nutshell, hackers strung together pieces of information to gain access to several important online accounts. The results were personally devastating for him. But his story is a good lesson for all of us. After learning the details of the attack -- from one of the hackers himself, no less -- Honan says he regrets three things most of all.… Read more

Google is making it harder for Gmail and other Google Apps accounts to get compromised by adding an optional feature that will send a security code to your smartphone for logging in.

The two-step verification feature will be available to Google Apps premier, education, and government customers on Monday, and to the hundreds of millions of individual Google users in coming months, as a built-in part of the free service, a Google product manager told CNET.

Until now, Google accounts have been protected only with passwords, which are susceptible to phishing and other social-engineering attacks.

The two-step verification feature will … Read more

IBM has snapped up security software maker Encentuate, in a move to broaden its security management software offerings, Big Blue announced Wednesday.

Encentuate develops two-factor authentication software that's designed to let users log on with a single sign-on to all their other applications.

IBM plans to roll Encentuate's software into its Tivoli product line, which includes identity and access management software products. Terms of the deal were not disclosed.

IBM also is beefing up its security software efforts by opening a new software security lab in Singapore, the company said Wednesday. The lab will house more than 20 … Read more

PayPal launched on Friday its security key fob, a little device designed to thwart password-stealing bad guys who are out to pilfer your online payment account.

PayPal, owned by online auction behemoth eBay, says its PayPal Security Key will generate a new security code every 30 seconds, which people will enter along with their log-in and password for their eBay and PayPal accounts.

PayPal, which initially announced in January plans to increase security via a password-generating key fob, will charge $5 to PayPal and eBay account holders in the U.S. The plan will be expanded internationally.

Various versions of … Read more