authentication

Apple took a big step in helping Apple ID users in securing their accounts this week with offering two-step verification.

Two-step verification (or authentication as it's commonly referred to) adds an additional barrier of security between would-be hackers and your account. The extra barrier comes in the form of a four-digit code, which will be sent to a device of your choosing via the Find My iPhone app or SMS, after you've entered your password.

Step one: To add the extra layer of security to your account you'll need to visit the Apple ID settings page on … Read more

Apple today added an extra layer of security to its Apple ID system that can harden the password people use to log in to various Apple services.

Users with an Apple ID can now sign up for two-step verification of their password, a system that sends a four-digit passcode by text message to a user's phone, and must be used on top of a regular password. In practice, this could keep an account from being compromised by an attacker, unless that person had access to the mobile device too.

The move comes a little less than a year after … Read more

The Federal Trade Commission said today that it will convene a one-day event on security-related "threats to mobile devices."

The event, to be held on June 4 in the agency's Washington, D.C., conference center, will be the latest in a series of similar events that have focused on topics including online data collection and advertising. It's open to the public.

An announcement posted on the FTC's Web site says the event will likely include discussions of "emerging mobile security threats and trends, security challenges in the mobile environment and infrastructure, potential solutions to … Read more

One of the safest and simplest computer-security measures available is also one of the least used. Two-factor authentication adds a layer of protection to the standard password method of online identification. The technique is easy, relatively quick, and free. So, what's the problem?

Critics are quick to point out the shortcomings of two-factor authentication: it usually requires a USB token, phone, or other device that's easy to lose; you sacrifice some privacy by having to disclose your telephone number to a third party; and it is subject to man-in-the-middle and other browser- and app-based attacks.

Still, for online … Read more

In OS X you should be able to create and manipulate files on your system largely without being burdened to authenticate, especially if the files are within resources your account owns such as your home folder. However, after upgrading or otherwise performing changes to the system you may find that the system continually prompts you for a password when you try to manage your files.

Sometimes this issue may occur only when you perform certain tasks such as deleting files (as opposed to placing them in the trash), but at other times it may happen on any manipulation.

OS X … Read more

Microsoft announced today that it has bought PhoneFactor, a provider of multi-factor authentication.

PhoneFactor offers organizations different ways for their employees to access key software and services without relying just on passwords or security tokens. The company's specialty is phone authentication, but it also provides authentication through text messages.

Timothy Sutton, PhoneFactor CEO, described the concept in a blog, saying that "when we initially launched PhoneFactor, we had a vision to deliver strong authentication as a seamless part of almost every process where an individual needs to access confidential or proprietary data." He added that "phones … Read more

A researcher showed today that Oracle's databases could be hacked with brute-force attacks using only the database's name and a username, according to Kaspersky Lab Security News.

Esteban Martinez Fayo, who works for AppSec Inc., was demonstrating his discovery at a security conference in Argentina and said that within just five hours on a regular PC using a special tool he could hack through easy passwords and access users' data.

"It's pretty simple," Martinez Fayo told the security blog Dark Reading. "The attacker just needs to know a valid username in the database, and … Read more

Fourandsix Technologies, a startup founded by a former Photoshop bigwig and a image-analysis guru, has released its first product, the FourMatch software to detect changes to an image.

The most obvious use for the $890 Photoshop plug-in: ensuring that digital photos used as legal evidence are authentic.

The company lists other possibilities, too, though, such as checking that nobody's fiddled with digital images of insurance claims or contest entries, or ensuring the legitimacy of photos that might be published as the truth.

Company executives have good street cred in the area: the software came from Chief Technology Officer Hany … Read more

Back in July, Dropbox usernames and passwords were compromised via third-party Web sites. As a result, Dropbox said it would work on adding more security features to help keep accounts safe. Almost a month later, the company's delivered an extra feature that you'll need to enable on your own: two-step verification.

For each new device you use to access the Dropbox Web site or service, you'll need to enter your current password and a security code using this new method. This code can be sent to you via SMS or be generated by a mobile authenticator app. … Read more