Is it true two-factor authentication if 1Password auto-fills security codes for you? Thanks to a 1Password blog post, we now know the answer: No, it’s two-step verification instead.
LastPass was heavily criticized for communicating insufficient details after it lost customer vault data in a breach. A collection of new posts attempt to rectify that mistake—but it’s not enough for Adam Engst, who shares his experiences switching from LastPass to 1Password.
After failing to receive SMS text messages from five financial services websites that use them for two-factor authentication codes, Adam Engst resolved his problem with a quick call to T-Mobile to remove an automatically created system-level block on those numbers.
Having good passwords may protect you from drive-by attacks, but if you are individually targeted, online thieves can steal your cell phone number and reset all your passwords in minutes. Google Voice used with two-factor authentication is an answer for those for whom authentication apps don’t work well.
Logging into a new Apple device may result in a prompt that asks you for the passcode or password of another one of your devices. Glenn Fleishman explains why this happens and why it’s a good idea.
An unsecured server has resulted in tens of millions of SMS messages being exposed, and along with it password reset links, two-factor authentication codes, shipping notifications, and more.
Apple streamlined two-factor login confirmations via text message in iOS 12 and macOS 10.14 Mojave. But using SMS to validate your login remains problematic because of phone number hijacking. Apple should lead the way to retire it.
Facebook is sending its two-factor authentication users text messages they don’t want. This situation provides yet another reason why you should use a dedicated app for generating two-factor authentication codes instead of SMS.