A flaw in PayPal’s two-factor authentication could allow attackers to gain access to up to 143 million PayPal accounts. The vulnerability affected users logging into PayPal via an app on their Android or iOS device, according to the Financial Times’ report.
If only two factor authentication had been used, maybe the database would never have been accessed by online criminals.
BlackBerry has signed up to FIDO (Fast IDentity Online) Alliance – a group which is seeking to establish new methods to identify people quickly and safely, rather than relying on passwords for mobile security. FIDO is supported by internet giants such as Google and PayPal and is investigating alternative authentication technologies such as NFC chips, biometrics and one-time passwords, with a view to creating a standards-based system for passwordless authentication.
Following the examples of Google, Facebook, Yahoo and DropBox, Twitter is reportedly ready to roll out a two factor sign in process for its millions of users. This comes in light of February’s attack when some 250,000 passwords were stolen.
In an unfortunate series of events related to the RSA SecurID technology, reports are coming in that Lockheed Martin's networks have been broken into by unknown perpetrators. Jim Finkle and Andrea Shalal-Esa broke an exclusive story and reached out to folks in the industry to get to the truth. "They breached security systems designed to
[Update: added some extra links at http://avien.net/blog/?p=422] Here, so to speak, is a bit of hot potato*. Flippancy notwithstanding, this isn't really funny. For several years now, Brits have enjoyed a banking card system called chip and PIN, a simple form of two-factor authentication for in-person credit and debit card transactions. In countries where the