That means using an app that generates a secret “seeded” sequence of one-time codes, or using a hardware token, such as a Yubikey, that does the cryptographic part of proving your identity. The rest of us need to switch over to a different sort of 2FA system within the next three weeks (before Friday ). …but those pay-to-play users will be allowed to keep using text messages (SMSes) to receive their 2FA codes. Ironically, as we explained last week, the very users for whom you’d think this change would be most important are the “top tier” Twitter users – those who pay for a Twitter Blue badge to give them more reach and to allow them to send longer tweets… Twitter recently announced that it doesn’t think SMS-based two-factor authentication (2FA) is secure enough any more. The featured image above is based on one of their tweets, which you can see in full below. The duo describe themselves as “two iOS developers and occasional security researchers on two continents.” In other words, although cybersecurity isn’t their core business, they’re doing what we wish all programmers would do: not taking application or operating system security features for granted, but keeping their own eyes on how those features work in real life, in order to avoid tripping over other people’s mistakes and assumptions. Thanks to Tommy Mysk and Talal Haj Bakry of for the impetus and information behind this article.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |