#To set up / enable snapchat Two Factor Authentication for Android
secretlovewinner-blog · 5 years ago
2 Unique Way To Recover Snapchat Account
In this 21st century, Snapchat is booming like never before. Snapchat, which is used by more than 158 million people every day, has pioneered new ways to interact with photos, videos, and other users, as well as new formats for advertisers to reach customers. The company, which rebuffed a $3 billion acquisition offer from Facebook in 2013, is on track to generate $1 billion in revenue next year, according to the investment bank Jefferies. Snap, the company that runs the social media service Snapchat, soared in its initial public offering, setting the company up as the most valuable American technology company to go public since Facebook. Snapchat lets users send messages to one another that disappear within seconds. You have to know your friend’s username to send a message, which makes Snapchat a place where people tend to connect with those they actually know.
Snapchat Account Recovery
The first step to solving a problem is to know its root causes. This may be that we forgot our passwords or we were hacked and logged out. Knowing how you lost your Snapchat account should help you understand how to recover it.
How to Recover Your Snapchat Account if You Forgot Your Password
If you have forgotten your Snapchat password and want to log in, follow the steps below to recover your account by resetting the password.
1) Launch the Snapchat app on your smartphone and tap Login. Enter your username or email and tap the “Forgot your password” option right under the PASSWORD box.
2) A box will pop up asking you to “Please choose how you want to reset your password.” Here we choose email. On the next page, enter your email address and tap the “Submit” button (scroll to step 4 if you wish to use a phone number).
3) You will receive an email from Snapchat containing a link to reset the password. Tap the link and enter your new secure password (check how to make easy and secure passwords here lazily).
4) If you wish to recover the account via phone, choose the phone option in step 2 above and enter your mobile number. Tap the “Continue” button and, in the pop-up, choose how you want your phone number to be verified: either via message (Send Via SMS) or the call option.
5) Choose the SMS option to receive an OTP, as it is easier to work with. Enter the OTP you received in the space provided and proceed to reset your password. (If you have enabled Do Not Disturb on your SIM, the message may not come through, so you may have to use the call option.)
How to Recover Your Snapchat Account if You Have Forgotten Your Username and Email
To be sincere, many of us have more than 4 email accounts and also play around with usernames when opening accounts. Other times, we forget our usernames and email because we abandoned the account for a while and we are trying to get back in the game.
If you are trying to recover your account in this scenario, try the options below:
1) Make a list of all your valid email addresses.
2) Launch the app on your smartphone and tap Login. Enter your username or email and tap the “Forgot your password” option right under the PASSWORD box.
3) A box will pop up asking you to “Please choose how you want to reset your password.” Here we choose email. On the next page, enter your email addresses and tap the “Submit” button. All invalid emails will result in an error reading “Email address is invalid.” Keep entering the different email addresses until you get the right one, then proceed to reset the password.
How to Recover a Stolen Snapchat Account
Suppose your account was hacked; then recovering the account will be difficult. The difficulty depends on the changes the hacker has made to the account. If you can still access the account (if your email has not been changed), then changing the password will be the easiest option. However, if your recovery email address and your phone number have both been changed, then there is only one thing that can be done on your end: contact Snapchat Help, fill in an account recovery form and hope they recover the account for you.
How to Secure Your Snapchat Account
While the big corporations will always try their best to secure their platforms, Snapchat users should also know the steps are not complete until they play a part in securing their accounts. One can open a Snapchat account using a fake email and number combination, which is cool but can be disastrous if you forget your password or get hacked. To update your email address and phone number, go to Settings and check.
Use Two Factor Authentication
Also, in the Snapchat settings, it would be wise to use Two Factor Authentication. This helps to decrease the chances of being hacked. It will prompt the app to request a one-time code any time you log in.
I use the Authy Authenticator app for Two Factor authentication.
How to Reactivate Your Snapchat Account on Android or iPhone
Let’s learn how to reactivate a Snapchat account, as it is not as simple as it seems. In reality, there is no such button available in the app. Follow the instructions below to get your Snapchat account back on track. The steps are to be performed on your smartphone.
1) Launch the Snapchat app on your phone.
2) Fill in your username and password to log in to your account.
3) Tap Log In.
4) A message asks if you want to reactivate your account. Tap OK.
5) A mail will be sent to you informing you that your Snapchat account is being reactivated.
6) You will see your Snapchat account working again.
Remember, it might take a few hours to recover all your data on your Snapchat account. This includes updating your Memories, which is a complete collection of photos.
As the server gets the information about the reactivated Snapchat account, it will give access to all of the user’s data.
About
Snapchat is a mobile app for Android and iOS devices. It’s headed by co-founder Evan Spiegel. One of the core concepts of the app is that any picture, video or message you send is, by default, made available to the receiver for only a short time before it becomes inaccessible. This temporary, or ephemeral, nature of the app was originally designed to encourage a more natural flow of interaction. One last thing: Snapchat’s developer is a public company, called Snap. It claims to be a camera company. As such, it creates other products, including hardware, like Snapchat Spectacles, which you can read all about from here. Also, Snapchat is colloquially referred to as Snap.
Conclusion
When you see the gear icon on your Profile screen, tap it to access your Snapchat account settings, where you can link your Bitmoji account, manage on-demand geofilters, create or scan a Snapcode, add two factors, adjust your Memories, Spectacles, and Shazam preferences, change your password and phone number, and so much more. Hint: Remember to use reliable and secure passwords and refrain from sharing your passwords. Security is best when done personally.
its-oliviaisla-world-blog · 5 years ago
5 security mistakes you make every day
1) Using the same username and password
You've heard it before many times, but let's say it once more, because many people don't seem to pay much attention: don't use the same password on multiple accounts, and be sure to change your passwords often, at least once every 3 months.
If you have trouble remembering long, difficult passwords with symbols, get a password manager app that does it for you.
Using the same password for everything is like having a master key that opens every lock, and that also opens your vault, starts your car and gives you access to all your bank accounts: if someone takes it, they will have access to your whole world.
Changing passwords often is also a protection against the now-regular data leaks that happen in large and small companies. If your login credentials show up on the web, what matters is only whether you changed them recently.
“Password-cracking techniques have advanced a lot with time,” said Darren Guccione, CEO of Keeper Security.
"These criminals follow their victims on social media platforms for keywords to feed malware that uses AI (artificial intelligence) to check different combinations until it cracks the password."
"Nobody likes long and difficult passwords with symbols, but they are more vital in this era than ever," he told us. "And the simple passwords with your date of birth and car number plate that worked for you a few years ago are probably not sufficient today."
2) Not protecting your smartphone with a screen lock
Once someone can get past your phone's lock screen, they can post to Facebook, read your email, copy your contacts, and probably order a series of Amazon electronic products as well. Still, about 15% of users don't protect their phone with a PIN or some biometric scan method.
There are now plenty of fingerprint and facial recognition technologies, and even iris scanning on new devices, so it’s better to use these features on your device; a long PIN code is still a secure means of protection (as long as you are not entering it slowly in front of someone).
What you should definitely avoid is the screen unlock pattern, which is easier to copy, according to recent studies by the U.S. Naval Academy and the University of Maryland, Baltimore County (UMBC).
Research has shown that two-thirds of people can mimic a pattern after seeing you unlock the phone only once, compared to a six-digit PIN, which is pretty difficult to copy: only 1 in 10 participants were able to replicate it after a single sighting.
"To safeguard against people staring over your shoulder, Android unlock patterns may seem more secure to you, but our results show that 6-digit PINs provide better security against a person trying to recreate the access code after a sight over your shoulder," one of the researchers working on the eidetic memory study at UMBC told us.
3) Not using the two-factor authentication
We've already talked about how common it is nowadays for passwords and login details to get leaked on the internet, which is why both factors are essentially needed; this makes it more secure in the sense that, in addition to your username and password, hackers also need more information, provided through another device, to log into your web account.
The most commonly used methods are a one-time code generated by an application like Google Authenticator, or an SMS sent to your phone number, but whatever the method, two-factor authentication provides double security.
It is possible these days to enable two-factor protection on an account almost everywhere: Google, Apple, Microsoft, Instagram, Dropbox, Facebook, Twitter, and Amazon.
The method for enabling two-factor authentication on each platform is quite simple: just find the gear sign for the settings menu and head to the privacy and security settings.
If you are just surfing online or viewing an item at a virtual store, you will not need two-factor authentication, a McAfee chief scientist said. “However, if you are buying the item online, it is a totally different scenario, because you are now using your financial data on a website. You need a higher level of security based on the amount you’re spending.”
"Hackers are not interested in a personal account secured with two-factor authentication, because it is not simple and is time consuming."
4) Sharing information on Social Media
Any data you share on social media can be used to steal your identity, help guess your passwords, or answer the security questions protecting your account: from Instagram photos to your street name showing in a tweet, and even your dog's name in your profile can be used for a security question.
Of course, sharing info on social media is the trend nowadays, and not only among people of a certain age group; think how weird and possibly dangerous it once felt to share photos on Facebook when the feature first came out. Still, there is no reason why you shouldn't think twice before sharing personal information on these sites.
This means marking your location only when needed (and when away from your home or office), keeping real names and personal details to a minimum, and familiarizing yourself with the tools you can use to restrict the audience for your posts.
"It is significant to know how you can restrict what someone can find out about you online," a researcher at Kaspersky Lab told us. "Kaspersky Lab research shows that almost a third of people who use social media networks share their messages, check-ins and other personal information not just with their friends, but with everyone who is online."
"If you wouldn't publish something about you in a newspaper page, don't publish it online."
5) Using Public Wi-Fi
It is very tempting to connect to any public Wi-Fi network to keep up to date on Snapchat, Twitter, and Facebook, but you should never let your thirst for the internet get in the way of your judgment of what is safe and what is not.
The problem with public WiFi is that everyone can connect to it, just like you, and that makes it inherently less secure than your home network. If you absolutely have to use public WiFi, the safest way to stay online away from home is to buy a quality VPN package and create your own encrypted route to the internet.
If you don't want to spend on a VPN, there are still security measures you can take: avoid doing anything important over public WiFi (do not do banking or send emails), avoid signing up for new accounts, and look for the HTTPS icon before entering any sensitive information.
"A public Wi-Fi hotspot is the convenient choice to always stay online, and is a great alternative to using our expensive phone data. However, free public WiFi is not secure."
Hackers and other organizations are always looking for security holes they can exploit: public WiFi is a haven for them if you're not taking your online protection seriously to keep your data safe.
un-enfant-immature · 6 years ago
How to choose and use an encrypted messaging app
Text messaging has been around since the dawn of cellular technology, and sparked its own unique language. But it’s time to put sending regular SMS messages out to pasture.
If you have an iPhone, you’re already on your way. iPhones (as well as iPads and Macs) use iMessage to send messages between Apple devices. It’s a data-based messaging system reliant on 3G, 4G, and Wi-Fi, rather than SMS messaging, which uses an old, outdated but universal 2G cellular network. iMessage has grown in popularity, but has left Android devices and other computers out in the dark.
That’s where other messaging services have filled a gap in the market.
Apps like Signal, WhatsApp, Wire and Wickr are also data-based and work across platforms. Best of all, they’re end-to-end encrypted, which means sent messages are scrambled on one end of the conversation — the device — and unscrambled at the other end on the recipient’s device. This makes it near-impossible for anyone — even the app maker — to see what’s being said.
Many popular apps, like Instagram, Skype, Slack and Snapchat, don’t offer end-to-end encryption at all. Facebook Messenger has the option to use “secret” end-to-end encrypted messaging, but it isn’t enabled by default.
Here’s what you need to know.
Why hate on SMS messaging?
SMS, or short messaging service, is more than three decades old. It’s generally reliable, but it’s outdated, archaic and expensive. There are also several reasons why SMS messaging is insecure.
SMS messages aren’t encrypted, meaning the contents of each text message are viewable to mobile carriers and governments, and can even be intercepted by organized and semi-skilled hackers. That means even if you’re using SMS to secure your online accounts using two-factor authentication, your codes can be stolen. Just as bad, SMS messages leak metadata, which is information about the message but not the contents of the message itself, such as the phone number of the sender and the recipient, which can identify the people involved in the conversation.
SMS messages can also be spoofed, meaning you can never be completely sure that a SMS message came from a particular person.
And a recent ruling by the Federal Communications Commission now gives cell carriers greater powers to block SMS messages. The FCC said it will cut down on SMS spam, but many worry that it could be used to stifle free speech.
In all of these cases, the answer is an encrypted messaging app.
What are the best encrypted messaging apps?
The simple answer is Signal, an open source, end-to-end encrypted messaging app seen as the gold standard of secure consumer messaging services.
Signal supports and encrypts all of your messages, calls and video chats with other Signal users. Some of the world’s smartest security professionals and cryptography experts have looked at and verified its code, and trust its security. The app uses your cell phone number as its point of contact — which some have criticized, but it’s easy to set the app up with a dedicated phone number without losing your own cell number. Other than your phone number, the app is built from the ground up to collect as little metadata as possible.
A recent government demand for Signal’s data showed that the app maker has almost nothing to turn over. Not only are your messages encrypted, each person in the conversation can set messages to expire — so that even if a device is compromised, the messages can be set to already disappear. You can also add a separate lock screen on the app for additional security. And the app keeps getting stronger and stronger. Recently, Signal rolled out a new feature that masks the phone number of a message sender, making it better for sender anonymity.
But actually, there is a far more nuanced answer than “just Signal.”
Everyone has different needs, wants and requirements. Depending on who you are, what your job is, and who you talk to will determine which encrypted messaging app is best for you.
Signal may be the favorite app for high-risk jobs — like journalism, activism, and government workers. Many will find that WhatsApp, for example, is good enough for the vast majority who just want to talk to their friends and family without worrying about someone reading their messages.
You may have heard some misinformed things about WhatsApp in recent years, sparked largely by incorrect and misleading reporting that claimed there was a “backdoor” to allow third parties to read messages. Those claims were unsubstantiated. WhatsApp does collect some data on its 1.5 billion users, like metadata about who is contacting whom, and when. That data can be turned over to police if they request it with a valid legal order. But messages cannot be read as they are end-to-end encrypted. WhatsApp can’t turn over those messages even if it wanted to.
Although many don’t realize that WhatsApp is owned by Facebook, which has faced a slew of security and privacy scandals in the past year, Facebook has said it’s committed to keeping WhatsApp messages end-to-end-encrypted by default. That said, it’s feasibly possible that Facebook could change its mind in the future, security researchers have said. It’s right to remain cautious, but WhatsApp is still better to use for sending encrypted messages than not at all.
The best advice is to never write and send something on even an end-to-end encrypted messaging app that you wouldn’t want to appear in a courtroom — just in case!
Wire is also enjoyed by many who trust the open-source cross-platform app for sharing group chats and calls. The app doesn’t require a phone number, instead opting for usernames, which many who want greater anonymity find more appealing than alternative apps. Wire also backed up its end-to-end encryption claims by asking researchers to conduct an external audit of its cryptography, but users should be aware that a trade-off for using the app on other devices means that the app keeps a record of everyone you’ve ever contacted in plain text.
iMessage is also end-to-end encrypted and is used by millions of people around the world who likely don’t even realize their messages are encrypted.
Other apps should be treated with care or avoided altogether.
Apps like Telegram have been criticized by experts for its error-prone cryptography, which has been described as “being like being stabbed in the eye with a fork.” And researchers have found that apps like Confide, once a favorite among White House staffers, don’t properly scramble messages, making it easy for the app’s makers to secretly eavesdrop on someone’s conversation.
How to verify someone’s identity
A core question in end-to-end encrypted messaging is: how do I know a person is who they say they are?
Every end-to-end encrypted messaging app handles a user’s identity differently. Signal calls it a “safety number” and WhatsApp calls it a “security code.” Across the board, it’s what we call “key verification.”
Every user has their own unique “fingerprint” that’s associated with their username, phone number or their device. It’s usually a string of letters and numbers. The easiest way to verify someone’s fingerprint is to do it in person. It’s simple: you both get your phones out, open up a conversation on your encrypted messaging app of choice, and you make sure that the fingerprints on the two sets of devices are exactly the same. You usually then hit a “verify” button — and that’s it.
Verifying a contact’s fingerprint remotely or over the internet is trickier. Often it requires sharing your fingerprint (or a screenshot) over another channel — such as a Twitter message, on Facebook, or email — and making sure they match. (The Intercept’s Micah Lee has a simple walk-through of how to verify an identity.)
Once you verify someone’s identity, they won’t need to be reverified.
If your app warns you that a recipient’s fingerprint has changed, it could be an innocuous reason — they may have a new phone number, or sent a message from a new device. But that could also mean that someone is trying to impersonate the other person in your conversation. You would be right to be cautious, and try to reverify their identity again.
Some apps don’t bother to verify a user’s identity at all. For example, there’s no way to know that someone isn’t secretly snooping on your iMessage conversations because Apple doesn’t notify you if someone is secretly monitoring your conversation or hasn’t somehow replaced a message recipient with another person.
You can read more about how Signal, WhatsApp, Telegram, and Wire allow you to verify your keys and warn you of key changes. (Spoiler alert: Signal is the safest choice.)
There are some other tips you should know:
Encrypted message backups are usually not encrypted in the cloud: A very important point here — often, your encrypted messages are not encrypted when they are backed up to the cloud. That means the government can demand that your cloud provider — like Apple or Google — to retrieve and turn over your encrypted messages from its servers. You should not back up your messages to the cloud if this is a concern.
Beware of desktop apps: One of the benefits to many encrypted messaging apps is that they’re available on a multitude of platforms, devices and operating systems. Many also offer desktop versions for responding faster. But over the past few years, most of the major vulnerabilities have been in the buggy desktop software. Make sure you’re on top of app updates. If an update requires you to restart the app or your computer, you should do it straight away.
Set your messages to expire: Encryption isn’t magic; it requires awareness and consideration. End-to-end encrypted messaging won’t save you if your phone is compromised or stolen and its contents can be accessed. You should strongly consider setting an expiry timer on your conversations to ensure that older messages will be deleted and disappear.
Keep your apps updated: One of the best ways to make sure you stay secure (and get new features!) is to make sure that your desktop and mobile apps are kept up-to-date. Security bugs are found often, but you may not always hear about them. Keeping your apps updated is the best way to make sure you’re getting those security fixes as soon as possible, lowering the risk that your messages could be intercepted or stolen.
More guides:
Why you need to use a password manager
Two-factor authentication will save you, even if you don’t know it yet
How to protect your cell phone number and why you should care
How to browse the web securely and privately
Gift Guide: The best security and privacy tech to keep your friends safe
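The key-verification section of the post above (fingerprints, the in-person check, and the warning when a contact's fingerprint changes) can be made concrete with a small "trust on first use" contact store. The following is an added example written for this page; it is not code from the post, from TechCrunch, or from Signal, WhatsApp or any other app. The fingerprint display format (SHA-256 of the public key bytes, shown as hex groups) and the `ContactStore` API are assumptions of this example, and the public keys are constructed byte strings standing in for real ones.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """Human-comparable rendering of a public key.

    Assumed format for this example: SHA-256 of the raw key bytes, shown as
    eight groups of eight hex characters. Real apps use their own encoding
    (Signal's "safety number", WhatsApp's "security code"), but the idea is
    the same: a short string both parties can read off their screens.
    """
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


class ContactStore:
    """Trust-on-first-use store of contact fingerprints.

    - First time a contact's key is seen: remembered, but NOT verified.
    - Same key seen again: nothing to do.
    - Different key seen: trust is dropped and the caller is told to warn,
      because a key change is either an innocent new device/number or an
      impersonation attempt, and only an out-of-band check can tell which.
    """
    NEW, UNCHANGED, CHANGED = "new", "unchanged", "changed"

    def __init__(self):
        self._contacts = {}

    def observe_key(self, name: str, public_key: bytes) -> str:
        fp = fingerprint(public_key)
        entry = self._contacts.get(name)
        if entry is None:
            self._contacts[name] = {"fingerprint": fp, "verified": False}
            return self.NEW
        if hmac.compare_digest(entry["fingerprint"], fp):
            return self.UNCHANGED
        # Key changed: record the new key but reset verification.
        entry["fingerprint"] = fp
        entry["verified"] = False
        return self.CHANGED

    def verify_in_person(self, name: str, fingerprint_on_their_screen: str) -> bool:
        """The in-person check: compare what their screen shows with what we
        have stored. Only an exact match marks the contact as verified."""
        entry = self._contacts[name]
        match = hmac.compare_digest(entry["fingerprint"], fingerprint_on_their_screen)
        if match:
            entry["verified"] = True
        return match

    def is_verified(self, name: str) -> bool:
        return self._contacts.get(name, {}).get("verified", False)

    def status_line(self, name: str) -> str:
        """What a client would show next to the contact name."""
        entry = self._contacts.get(name)
        if entry is None:
            return "unknown contact"
        return "verified" if entry["verified"] else "unverified: confirm fingerprint out of band"


# Constructed demo keys (32 arbitrary bytes each, not real X25519/Curve25519 keys).
ALICE_KEY_PHONE_1 = bytes(range(32))
ALICE_KEY_PHONE_2 = bytes(range(32, 64))


def demo() -> list:
    """Walk through first contact, in-person verification, and a key change."""
    store = ContactStore()
    events = []
    events.append(store.observe_key("alice", ALICE_KEY_PHONE_1))      # "new"
    events.append(store.status_line("alice"))                          # unverified
    # Alice reads her fingerprint off her own screen; it matches ours.
    events.append(store.verify_in_person("alice", fingerprint(ALICE_KEY_PHONE_1)))
    events.append(store.observe_key("alice", ALICE_KEY_PHONE_1))      # "unchanged"
    # Alice (or someone claiming to be Alice) now sends from a different key.
    events.append(store.observe_key("alice", ALICE_KEY_PHONE_2))      # "changed"
    events.append(store.is_verified("alice"))                          # False again
    return events


if __name__ == "__main__":
    for e in demo():
        print(e)
```

Note that a verified contact stays verified only as long as the key does not change; the moment a different key appears, the store drops back to "unverified" and the client should prompt for the check again, which is the behaviour the post describes when an app warns that a fingerprint has changed.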
ntrending · 6 years ago
How to do two-factor authentication like a pro
New Post has been published on https://nexcraft.co/how-to-do-two-factor-authentication-like-a-pro/
“Where did I leave the spare key to my email account?” is a phrase you can actually say. (Brina Blum via Unsplash/)
If your level of anxiety over online security and privacy is on the healthy side, you probably already have two-factor authentication (2FA) set up for your main accounts. If you don’t, you should seriously consider activating it to protect yourself from phishing, hacks, and anybody who may want to steal your data.
Don’t know what I’m talking about? Here’s the 101: 2FA adds an extra layer of security to your online accounts. When activated, this protocol will ask you for something other than your username and password whenever you log in from a new device. That may be a code, a key, or to accept a prompt on your smartphone. This way, if somebody gets your password, 2FA will prevent them from getting into your account.
“It’s definitely a lot better than not having any second factor. You’ve given any attacker more work than they need to do,” says Shuman Ghosemajumder, chief technology officer of Shape Security.
But deciding to activate 2FA is like deciding you want to start running—do you just want to jog a bit, train for a 5k, or get yourself in shape for an entire marathon? There are a number of options, including apps and security keys, that provide different levels of protection for all your security and privacy needs. You can use a single method that works best for you, or employ several for one account, depending on the platform. The choice is yours.
Level 1: SMS
Don’t get too excited—it’s not the cute guy from the weekend. It’s just Google. (Sandra Gutierrez G./)
People often choose to employ 2FA via text messaging (specifically, short message service, or SMS) because it’s so practical. The process is simple: you log into your account with your username and password, receive a text with a code, then type that code into the login screen to gain access to your account.
The problem with text messaging is that because it’s data that travels through a phone line, it can be compromised and your six-digit code intercepted. You know how you can switch cell phone providers and still keep your number? That’s called a SIM swap and you can request one by providing nothing more than your phone number and the last four digits of your Social Security number. Thanks, in part, to major hacks, the internet currently has a well-nurtured database of SSNs, which could make it rather easy for an account thief to steal your cell phone number and redirect your authentication texts to another device.
That’s exactly what happened in 2018 when hackers accessed Reddit employees’ accounts via text message-based 2FA, compromising data from thousands of the platform’s users.
If you think nobody would ever go through so much trouble to steal your data, think again.
“It’s certainly something that happens, but what’s even easier than that is to just use that phone number to send a phishing message,” Ghosemajumder says.
That’s called smishing—a portmanteau of “SMS” and “phishing”—and it’s the text message version of those sketchy emails that claim to come from your bank and urge you to click a link.
Still, text message-based 2FA is practical and, regardless of its vulnerabilities, better than nothing at all. But if you store sensitive data in your accounts or if we’ve simply scared you away from text messages, there are other more secure methods you can try.
Level 2: Apps and prompts and codes, oh my!
Could you imagine someone snapping pictures with totally basic filters from your Snapchat? Better protect that account. (Google Play Store/)
Google users can ask to receive prompts to verify a sign-in to their account from a new device. Then, when you log in with your username and password, you’ll see a pop-up window on your phone asking if it was actually you who tried to log in, and if you authorize it. These prompts are encrypted and travel through Google’s network, so they’re less likely to be compromised than texts, which makes them safer.
But not all platforms offer prompts. That’s why another popular strategy for 2FA is to use code generator apps. They’re pretty self-explanatory—the apps generate six-digit codes that you can use to log into your accounts. These codes are created randomly using time-based one-time password (TOTP) protocol, meaning they can only be used once, and for a limited amount of time—generally 30 seconds—before they’re automatically replaced with another. Code generator apps can be practical because they let you link as many accounts as you want, but you only need to go to one place for all your codes.
One of the simplest code generator apps is Google Authenticator (available for Android and iOS). It not only works with Google accounts, but also with any other platform that supports code generator-based 2FA.
If you want a more customizable experience, you can go for apps such as AndOTP (available only for Android) or Authy (also available for iOS), which let you add labels and icons featuring the logos of several platforms, so you can identify codes at a glance.
For extra safety, you can protect these apps with a PIN number or—in Authy’s case—your fingerprint, so even if someone steals your phone and gains access to it, they still couldn’t use your code generator app. Another cool feature of both AndOTP and Authy is “tap to reveal,” which hides all your codes and only reveals one at a time as you tap the one you need. This can be useful if you’re accessing one of your accounts in a public place where someone can easily look at your phone.
To use a code generator app on Facebook, for example, go to Settings > Security and Login > Use two-factor authentication > Authentication App. Facebook will then display a QR code you’ll have to scan with your phone’s camera via the code generator app when you add your Facebook account. Finally, enter the code provided by the app. This will make sure your app is in sync with Facebook.
Level 3: If you don’t trust digital, go analog
To charge or to use your security key? Ah, there’s the rub. (Yubico)
In an era when it sometimes seems nothing you put on your phone can be trusted to be safe, going back to basics may be a good idea. If your level of security anxiety is this high, there are a couple more-analog methods you can use with 2FA that will allow you to sleep better at night.
The easiest option is to get a security key—a tiny USB device you use the same way you would the keys to your apartment. Once you enter your username and password on a new device, the 2FA protocol will ask you to plug your security key into the device’s USB port and tap it once to complete your login. These little gadgets are super useful and exceptionally easy to carry around—just hook yours to your keychain and you’ll always have it with you.
The most traditional security keys on the market are compatible with USB-A ports or, as you may know them, regular duck-mouthed USB ports. This immediately leaves behind mobile devices such as smartphones and tablets, as well as tiny laptops such as the MacBook Air that don’t have their own USB-A ports. There are USB-C security keys on the market, too, and they’re compatible with most newer mobile devices, but they tend to be a little pricier, going for $40 to $60 on Amazon.
It’s common for people to register multiple security keys for a single account, Ghosemajumder says. That way, they can stash a spare in a secure place in case they lose one they use regularly.
If you keep misplacing your security keys or just don’t want to invest in one, your Android phone can act as a key for your Google account. The company announced this new feature in April, and it lets people use their smartphones to confirm logins through Bluetooth. Doing so will connect your phone to the device you’re logging into and make sure you’re accessing a secure website.
If this still isn’t analog enough for you, you can always opt for backup or recovery codes. Supported by all major platforms, including Google, Apple, Facebook, Instagram, and Twitter, this method involves one or more codes you can either save in a document or copy onto a piece of paper and carry around with you. For your Google account, for example, you can find them in Account > Security > 2-Step Verification > Backup Codes. In general, they’re listed within the recovery or backup codes section in the 2FA settings of most accounts.
Nothing is more analog than pen and paper. Although you can also carve your backup codes in a cave somewhere. That’ll work. (Kelly Sikkema via Unsplash)
These are limited and you can only use each of them once, so if you run out, you have to log in again and get more. Backup codes are not designed to be used instead of prompts or security keys, but they can be quite useful in extreme cases, such as when you’re traveling and don’t have your phone or security key with you.
As you can see, there are a lot of ways to use 2FA and you can choose which one works best for you. Different platforms support different methods, so check out Two Factor Auth to see which ones are available for your accounts.
Keep in mind that you can—and should—enable more than one method of 2FA. It’s always a good idea to have a backup in case you lose your phone or security key, or something is wrong with your connection. Just remember your security strategy will be as weak as the least-secure 2FA method you choose. So choose wisely.
Written By Sandra Gutierrez G.
williamsjoan · 6 years ago
How to choose and use an encrypted messaging app
Text messaging has been around since the dawn of cellular technology, and sparked its own unique language. But it’s time to put sending regular SMS messages out to pasture.
If you have an iPhone, you’re already on your way. iPhones (as well as iPads and Macs) use iMessage to send messages between Apple devices. It’s a data-based messaging system reliant on 3G, 4G, and Wi-Fi, rather than SMS messaging, which uses an old, outdated but universal 2G cellular network. iMessage has grown in popularity, but has left Android devices and other computers out in the dark.
That’s where other messaging services have filled a gap in the market.
Apps like Signal, WhatsApp, Wire and Wickr are also data-based and work across platforms. Best of all, they’re end-to-end encrypted, which means sent messages are scrambled on one end of the conversation — the device — and unscrambled at the other end on the recipient’s device. This makes it near-impossible for anyone — even the app maker — to see what’s being said.
Many popular apps, like Instagram, Skype, Slack and Snapchat, don’t offer end-to-end encryption at all. Facebook Messenger has the option to use “secret” end-to-end encrypted messaging, but it isn’t enabled by default.
Here’s what you need to know.
Why hate on SMS messaging?
SMS, or short messaging service, is more than three decades old. It’s generally reliable, but it’s outdated, archaic and expensive. There are also several reasons why SMS messaging is insecure.
SMS messages aren’t encrypted, meaning the contents of each text message are viewable to mobile carriers and governments, and can even be intercepted by organized and semi-skilled hackers. That means even if you’re using SMS to secure your online accounts using two-factor authentication, your codes can be stolen. Just as bad, SMS messages leak metadata, which is information about the message but not the contents of the message itself, such as the phone number of the sender and the recipient, which can identify the people involved in the conversation.
SMS messages can also be spoofed, meaning you can never be completely sure that an SMS message came from a particular person.
And a recent ruling by the Federal Communications Commission now gives cell carriers greater powers to block SMS messages. The FCC said it will cut down on SMS spam, but many worry that it could be used to stifle free speech.
In all of these cases, the answer is an encrypted messaging app.
What are the best encrypted messaging apps?
The simple answer is Signal, an open source, end-to-end encrypted messaging app seen as the gold standard of secure consumer messaging services.
Signal supports and encrypts all of your messages, calls and video chats with other Signal users. Some of the world’s smartest security professionals and cryptography experts have looked at and verified its code, and trust its security. The app uses your cell phone number as its point of contact — which some have criticized, but it’s easy to set the app up with a dedicated phone number without losing your own cell number. Other than your phone number, the app is built from the ground up to collect as little metadata as possible.
A recent government demand for Signal’s data showed that the app maker has almost nothing to turn over. Not only are your messages encrypted, each person in the conversation can set messages to expire — so that even if a device is compromised, the messages may already have disappeared. You can also add a separate lock screen on the app for additional security. And the app keeps getting stronger and stronger. Recently, Signal rolled out a new feature that masks the phone number of a message sender, making it better for sender anonymity.
But actually, there is a far more nuanced answer than “just Signal.”
Everyone has different needs, wants and requirements. Who you are, what your job is, and who you talk to will determine which encrypted messaging app is best for you.
Signal may be the favorite app for high-risk jobs — like journalism, activism, and government work. Many will find that WhatsApp, for example, is good enough for the vast majority who just want to talk to their friends and family without worrying about someone reading their messages.
You may have heard some misinformed things about WhatsApp in recent years, sparked largely by incorrect and misleading reporting that claimed there was a “backdoor” to allow third parties to read messages. Those claims were unsubstantiated. WhatsApp does collect some data on its 1.5 billion users, like metadata about who is contacting whom, and when. That data can be turned over to police if they request it with a valid legal order. But messages cannot be read as they are end-to-end encrypted. WhatsApp can’t turn over those messages even if it wanted to.
Many don’t realize that WhatsApp is owned by Facebook, which has faced a slew of security and privacy scandals in the past year. Facebook has said it’s committed to keeping WhatsApp messages end-to-end encrypted by default. That said, it’s possible that Facebook could change its mind in the future, security researchers have said. It’s right to remain cautious, but WhatsApp is still better to use for sending encrypted messages than not at all.
The best advice is to never write and send something on even an end-to-end encrypted messaging app that you wouldn’t want to appear in a courtroom — just in case!
Wire is also enjoyed by many who trust the open-source cross-platform app for sharing group chats and calls. The app doesn’t require a phone number, instead opting for usernames, which many who want greater anonymity find more appealing than alternative apps. Wire also backed up its end-to-end encryption claims by asking researchers to conduct an external audit of its cryptography, but users should be aware that a trade-off for using the app on other devices means that the app keeps a record of everyone you’ve ever contacted in plain text.
iMessage is also end-to-end encrypted and is used by millions of people around the world who likely don’t even realize their messages are encrypted.
Other apps should be treated with care or avoided altogether.
Telegram has been criticized by experts for its error-prone cryptography, which has been described as “being like being stabbed in the eye with a fork.” And researchers have found that apps like Confide, once a favorite among White House staffers, don’t properly scramble messages, making it easy for the app’s makers to secretly eavesdrop on someone’s conversation.
How to verify someone’s identity
A core question in end-to-end encrypted messaging is: how do I know a person is who they say they are?
Every end-to-end encrypted messaging app handles a user’s identity differently. Signal calls it a “safety number” and WhatsApp calls it a “security code.” Across the board, it’s what we call “key verification.”
Every user has their own unique “fingerprint” that’s associated with their username, phone number or their device. It’s usually a string of letters and numbers. The easiest way to verify someone’s fingerprint is to do it in person. It’s simple: you both get your phones out, open up a conversation on your encrypted messaging app of choice, and you make sure that the fingerprints on the two sets of devices are exactly the same. You usually then hit a “verify” button — and that’s it.
Verifying a contact’s fingerprint remotely or over the internet is trickier. Often it requires sharing your fingerprint (or a screenshot) over another channel — such as a Twitter message, on Facebook, or email — and making sure they match. (The Intercept’s Micah Lee has a simple walk-through of how to verify an identity.)
Once you verify someone’s identity, they won’t need to be reverified.
If your app warns you that a recipient’s fingerprint has changed, it could be for an innocuous reason — they may have a new phone number, or sent a message from a new device. But it could also mean that someone is trying to impersonate the other person in your conversation. You would be right to be cautious and reverify their identity.
Some apps don’t bother to verify a user’s identity at all. For example, there’s no way to know that someone isn’t secretly snooping on your iMessage conversations, because Apple doesn’t notify you if someone is secretly monitoring your conversation or has somehow replaced a message recipient with another person.
You can read more about how Signal, WhatsApp, Telegram, and Wire allow you to verify your keys and warn you of key changes. (Spoiler alert: Signal is the safest choice.)
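As an added illustration of the key verification described above (example code, not from the article or from Signal, WhatsApp or Wire): each side hashes both parties’ identity keys into a number in a canonical order, so the two phones show the same digits to compare in person, and a contact store pins the first key seen and warns when it later changes. The identity keys are constructed stand-ins and the digit layout is this example’s own choice, modelled loosely on the safety-number idea rather than on any app’s actual algorithm.

```python
"""
Added example: pairwise fingerprint ("safety number") derivation and
trust-on-first-use key pinning. Not code from the article or any app;
the construction is an assumption used for illustration only.
"""
import hashlib
from typing import Dict, Optional, Tuple


def key_fingerprint(identity_key: bytes, user_id: str, digits: int = 30) -> str:
    """Hash one party's (user id, identity public key) into a fixed-length
    decimal string; the same inputs always yield the same string."""
    digest = hashlib.sha256(user_id.encode() + identity_key).digest()
    return str(int.from_bytes(digest, "big") % (10 ** digits)).zfill(digits)


def safety_number(my_id: str, my_key: bytes, their_id: str, their_key: bytes) -> str:
    """Combine both fingerprints in sorted (canonical) order so that both
    sides of the conversation compute exactly the same number."""
    halves = sorted([key_fingerprint(my_key, my_id),
                     key_fingerprint(their_key, their_id)])
    return "".join(halves)


def display(number: str, group: int = 5) -> str:
    """Group digits in fives, as verification screens do, for easy reading."""
    return " ".join(number[i:i + group] for i in range(0, len(number), group))


class ContactStore:
    """Trust-on-first-use pinning: remember the first identity key seen for a
    contact, and report when it changes (new phone, new device, or someone
    impersonating the contact), dropping the verified flag until re-checked."""

    def __init__(self) -> None:
        self.pinned: Dict[str, Tuple[bytes, bool]] = {}  # id -> (key, verified)

    def observe(self, contact_id: str, identity_key: bytes) -> Optional[str]:
        """Return None if the key matches what is on file, else a warning."""
        if contact_id not in self.pinned:
            self.pinned[contact_id] = (identity_key, False)
            return None
        old_key, _ = self.pinned[contact_id]
        if old_key == identity_key:
            return None
        self.pinned[contact_id] = (identity_key, False)  # new key, unverified
        return f"identity key for {contact_id} changed; re-verify before trusting"

    def mark_verified(self, contact_id: str) -> None:
        """Called after the user compared the safety number in person."""
        key, _ = self.pinned[contact_id]
        self.pinned[contact_id] = (key, True)

    def is_verified(self, contact_id: str) -> bool:
        return self.pinned.get(contact_id, (b"", False))[1]


if __name__ == "__main__":
    alice_key = bytes(range(32))       # constructed stand-in identity keys
    bob_key = bytes(range(32, 64))
    print("alice sees:", display(safety_number("alice", alice_key, "bob", bob_key)))
    print("bob sees:  ", display(safety_number("bob", bob_key, "alice", alice_key)))
    store = ContactStore()
    store.observe("bob", bob_key)
    store.mark_verified("bob")
    print(store.observe("bob", bytes(range(64, 96))))  # prints the change warning
```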
There are some other tips you should know:
Encrypted message backups are usually not encrypted in the cloud: A very important point here — often, your encrypted messages are not encrypted when they are backed up to the cloud. That means the government can demand that your cloud provider — like Apple or Google — retrieve and turn over your messages from its servers. You should not back up your messages to the cloud if this is a concern.
Beware of desktop apps: One of the benefits to many encrypted messaging apps is that they’re available on a multitude of platforms, devices and operating systems. Many also offer desktop versions for responding faster. But over the past few years, most of the major vulnerabilities have been in the buggy desktop software. Make sure you’re on top of app updates. If an update requires you to restart the app or your computer, you should do it straight away.
Set your messages to expire: Encryption isn’t magic; it requires awareness and consideration. End-to-end encrypted messaging won’t save you if your phone is compromised or stolen and its contents can be accessed. You should strongly consider setting an expiry timer on your conversations to ensure that older messages will be deleted and disappear.
Keep your apps updated: One of the best ways to make sure you stay secure (and get new features!) is to make sure that your desktop and mobile apps are kept up-to-date. Security bugs are found often, but you may not always hear about them. Keeping your apps updated is the best way to make sure you’re getting those security fixes as soon as possible, lowering the risk that your messages could be intercepted or stolen.
How to choose and use an encrypted messaging app published first on https://timloewe.tumblr.com/
theinvinciblenoob · 6 years ago
Link
Getty Images
Text messaging has been around since the dawn of cellular technology, and sparked its own unique language. But it’s time to put sending regular SMS messages out to pasture.
If you have an iPhone, you’re already on your way. iPhones (as well as iPads and Macs) use iMessage to send messages between Apple devices. It’s a data-based messaging system reliant on 3G, 4G, and Wi-Fi, rather than SMS messaging, which uses an old, outdated but universal 2G cellular network. iMessage has grown in popularity, but has left Android devices and other computers out in the dark.
That’s where other messaging services have filled a gap in the market.
Apps like Signal, WhatsApp, Wire and Wickr are also data-based and work across platforms. Best of all, they’re end-to-end encrypted, which means sent messages are scrambled on one end of the conversation — the device — and unscrambled at the other end on the recipient’s device. This makes it near-impossible for anyone — even the app maker — to see what’s being said.
Many popular apps, like Instagram, Skype, Slack and Snapchat don’t offer end-to-end encryption at all. Facebook Messenger has the option to use “secret” end-to-end encrypted messaging, but isn’t enabled by default.
Here’s what you need to know.
Why hate on SMS messaging?
SMS, or short messaging service, is more than three decades old. It’s generally reliable, but it’s outdated, archaic and expensive. There are also several reasons why SMS messaging is insecure.
SMS messages aren’t encrypted, meaning the contents of each text message are viewable to mobile carriers and governments, and can even be intercepted by organized and semi-skilled hackers. That means even if you’re using SMS to secure your online accounts using two-factor authentication, your codes can be stolen. Just as bad, SMS messages leak metadata, which is information about the message but not the contents of the message itself, such as the phone number of the sender and the recipient, which can identify the people involved in the conversation.
SMS messages can also be spoofed, meaning you can never be completely sure that a SMS message came from a particular person.
And a recent ruling by the Federal Communications Commission now gives cell carriers greater powers to block SMS messages. The FCC said it will cut down on SMS spam, but many worry that it could be used to stifle free speech.
In all of these cases, the answer is an encrypted messaging app.
What are the best encrypted messaging apps?
The simple answer is Signal, an open source, end-to-end encrypted messaging app seen as the gold standard of secure consumer messaging services.
Signal supports and encrypts all of your messages, calls and video chats with other Signal users. Some of the world’s smartest security professionals and cryptography experts have looked at and verified its code, and trust its security. The app uses your cell phone number as its point of contact — which some have criticized, but it’s easy to set the app up with a dedicated phone number without losing your own cell number. Other than your phone number, the app is built from the ground up to collect as little metadata as possible.
A recent government demand for Signal’s data showed that the app maker has almost nothing to turn over. Not only are your messages encrypted, each person in the conversation can set messages to expire — so that even if a device is compromised, the messages can be set to already disappear. You can also add a separate lock screen on the app for additional security. And the app keeps getting stronger and stronger. Recently, Signal rolled out a new feature that masks the phone number of a message sender, making it better for sender anonymity.
But actually, there is a far more nuanced answer than “just Signal.”
Everyone has different needs, wants and requirements. Depending on who you are, what your job is, and who you talk to will determine which encrypted messaging app is best for you.
Signal may be the favorite app for high-risk jobs — like journalism, activism, and government workers. Many will find that WhatsApp, for example, is good enough for the vast majority who just want to talk to their friends and family without worrying about someone reading their messages.
You may have heard some misinformed things about WhatsApp in recent years, sparked largely by incorrect and misleading reporting that claimed there was a “backdoor” to allow third parties to read messages. Those claims were unsubstantiated. WhatsApp does collect some data on its 1.5 billion users, like metadata about who is contacting whom, and when. That data can be turned over to police if they request it with a valid legal order. But messages cannot be read as they are end-to-end encrypted. WhatsApp can’t turn over those messages even if it wanted to.
Although many don’t realize that WhatsApp is owned by Facebook, which has faced a slew of security and privacy scandals in the past year, Facebook has said it’s committed to keeping WhatsApp messages end-to-end-encrypted by default. That said, it’s feasibly possible that Facebook could change its mind in the future, security researchers have said. It’s right to remain cautious, but WhatsApp is still better to use for sending encrypted messages than not at all.
The best advice is to never write and send something on even an end-to-end encrypted messaging app that you wouldn’t want to appear in a courtroom — just in case!
Wire is also enjoyed by many who trust the open-source cross-platform app for sharing group chats and calls. The app doesn’t require a phone number, instead opting for usernames, which many who want greater anonymity find more appealing than alternative apps. Wire also backed up its end-to-end encryption claims by asking researchers to conduct an external audit of its cryptography, but users should be aware that a trade-off for using the app on other devices means that the app keeps a record of everyone you’ve ever contacted in plain text.
iMessage is also end-to-end encrypted and are used by millions of people around the world who likely don’t even realize their messages are encrypted.
Other apps should be treated with care or avoided altogether.
Apps like Telegram have been criticized by experts for its error-prone cryptography, which has been described as “being like being stabbed in the eye with a fork.” And researchers have found that apps like Confide, once a favorite among White House staffers, don’t properly scramble messages, making it easy for the app’s makers to secretly eavesdrop on someone’s conversation.
Gift Guide: The best security and privacy tech to keep your friends safe
How to verify someone’s identity
A core question in end-to-end encrypted messaging is: how do I know a person is who they say they are?
Every end-to-end encrypted messaging app handles a user’s identity differently. Signal calls it a “safety number” and WhatsApp calls it a “security code.” Across the board, it’s what we call “key verification.”
Every user has their own unique “fingerprint” that’s associated with their username, phone number or their device. It’s usually a string of letters and numbers. The easiest way to verify someone’s fingerprint is to do it in person. It’s simple: you both get your phones out, open up a conversation on your encrypted messaging app of choice, and you make sure that the fingerprints on the two sets of devices are exactly the same. You usually then hit a “verify” button — and that’s it.
Verifying a contact’s fingerprint remotely or over the internet is tricker. Often it requires sharing your fingerprint (or a screenshot) over another channel — such as a Twitter message, on Facebook, or email — and making sure they match. (The Intercept’s Micah Lee has a simple walk-through of how to verify an identity.)
Once you verify someone’s identity, they won’t need to be reverified.
If your app warns you that a recipient’s fingerprint has changed, it could be an innocuous reason — they may have a new phone number, or sent a message from a new device. But that could also mean that someone is trying to impersonate the other person in your conversation. You would be right to be cautious, and try to reverify their identity again.
Some apps don’t bother to verify a user’s identity at all. For example, there’s no way to know that someone isn’t secretly snooping on your iMessage conversations because Apple doesn’t notify you if someone is secretly monitoring your conversation or hasn’t somehow replaced a message recipient with another person.
You can read more about how Signal, WhatsApp, Telegram, and Wire allow you to verify your keys and warn you of key changes. (Spoiler alert: Signal is the safest choice.)
There are some other tips you should know:
Encrypted message backups are usually not encrypted in the cloud: A very important point here — often, your encrypted messages are not encrypted when they are backed up to the cloud. That means the government can demand that your cloud provider — like Apple or Google — to retrieve and turn over your encrypted messages from its servers. You should not back up your messages to the cloud if this is a concern.
Beware of desktop apps: One of the benefits to many encrypted messaging apps is that they’re available on a multitude of platforms, devices and operating systems. Many also offer desktop versions for responding faster. But over the past few years, most of the major vulnerabilities have been in the buggy desktop software. Make sure you’re on top of app updates. If an update requires you to restart the app or your computer, you should do it straight away.
Set your messages to expire: Encryption isn’t magic; it requires awareness and consideration. End-to-end encrypted messaging won’t save you if your phone is compromised or stolen and its contents can be accessed. You should strongly consider setting an expiry timer on your conversations to ensure that older messages will be deleted and disappear.
Keep your apps updated: One of the best ways to make sure you stay secure (and get new features!) is to make sure that your desktop and mobile apps are kept up-to-date. Security bugs are found often, but you may not always hear about them. Keep your apps updated is the best way to make sure you’re getting those security fixes as soon as possible, lowering your risk that your messages could be intercepted or stolen.
Check out our full Cybersecurity 101 guides here.
via TechCrunch
0 notes
fmservers · 6 years ago
Text
How to choose and use an encrypted messaging app
Text messaging has been around since the dawn of cellular technology, and sparked its own unique language. But it’s time to put sending regular SMS messages out to pasture.
If you have an iPhone, you’re already on your way. iPhones (as well as iPads and Macs) use iMessage to send messages between Apple devices. It’s a data-based messaging system reliant on 3G, 4G, and Wi-Fi, rather than SMS messaging, which uses an old, outdated but universal 2G cellular network. iMessage has grown in popularity, but has left Android devices and other computers out in the dark.
That’s where other messaging services have filled a gap in the market.
Apps like Signal, WhatsApp, Wire and Wickr are also data-based and work across platforms. Best of all, they’re end-to-end encrypted, which means sent messages are scrambled on one end of the conversation — the device — and unscrambled at the other end on the recipient’s device. This makes it near-impossible for anyone — even the app maker — to see what’s being said.
Many popular apps, like Instagram, Skype, Slack and Snapchat don’t offer end-to-end encryption at all. Facebook Messenger has the option to use “secret” end-to-end encrypted messaging, but isn’t enabled by default.
Here’s what you need to know.
Why hate on SMS messaging?
SMS, or short messaging service, is more than three decades old. It’s generally reliable, but it’s outdated, archaic and expensive. There are also several reasons why SMS messaging is insecure.
SMS messages aren’t encrypted, meaning the contents of each text message are viewable to mobile carriers and governments, and can even be intercepted by organized and semi-skilled hackers. That means even if you’re using SMS to secure your online accounts using two-factor authentication, your codes can be stolen. Just as bad, SMS messages leak metadata, which is information about the message but not the contents of the message itself, such as the phone number of the sender and the recipient, which can identify the people involved in the conversation.
SMS messages can also be spoofed, meaning you can never be completely sure that a SMS message came from a particular person.
And a recent ruling by the Federal Communications Commission now gives cell carriers greater powers to block SMS messages. The FCC said it will cut down on SMS spam, but many worry that it could be used to stifle free speech.
In all of these cases, the answer is an encrypted messaging app.
What are the best encrypted messaging apps?
The simple answer is Signal, an open source, end-to-end encrypted messaging app seen as the gold standard of secure consumer messaging services.
Signal supports and encrypts all of your messages, calls and video chats with other Signal users. Some of the world’s smartest security professionals and cryptography experts have looked at and verified its code, and trust its security. The app uses your cell phone number as its point of contact — which some have criticized, but it’s easy to set the app up with a dedicated phone number without losing your own cell number. Other than your phone number, the app is built from the ground up to collect as little metadata as possible.
A recent government demand for Signal’s data showed that the app maker has almost nothing to turn over. Not only are your messages encrypted, each person in the conversation can set messages to expire — so that even if a device is compromised, the messages can be set to already disappear. You can also add a separate lock screen on the app for additional security. And the app keeps getting stronger and stronger. Recently, Signal rolled out a new feature that masks the phone number of a message sender, making it better for sender anonymity.
But actually, there is a far more nuanced answer than “just Signal.”
Everyone has different needs, wants and requirements. Depending on who you are, what your job is, and who you talk to will determine which encrypted messaging app is best for you.
Signal may be the favorite app for high-risk jobs — like journalism, activism, and government workers. Many will find that WhatsApp, for example, is good enough for the vast majority who just want to talk to their friends and family without worrying about someone reading their messages.
You may have heard some misinformed things about WhatsApp in recent years, sparked largely by incorrect and misleading reporting that claimed there was a “backdoor” to allow third parties to read messages. Those claims were unsubstantiated. WhatsApp does collect some data on its 1.5 billion users, like metadata about who is contacting whom, and when. That data can be turned over to police if they request it with a valid legal order. But messages cannot be read as they are end-to-end encrypted. WhatsApp can’t turn over those messages even if it wanted to.
Although many don’t realize that WhatsApp is owned by Facebook, which has faced a slew of security and privacy scandals in the past year, Facebook has said it’s committed to keeping WhatsApp messages end-to-end-encrypted by default. That said, it’s feasibly possible that Facebook could change its mind in the future, security researchers have said. It’s right to remain cautious, but WhatsApp is still better to use for sending encrypted messages than not at all.
The best advice is to never write and send something on even an end-to-end encrypted messaging app that you wouldn’t want to appear in a courtroom — just in case!
Wire is also enjoyed by many who trust the open-source cross-platform app for sharing group chats and calls. The app doesn’t require a phone number, instead opting for usernames, which many who want greater anonymity find more appealing than alternative apps. Wire also backed up its end-to-end encryption claims by asking researchers to conduct an external audit of its cryptography, but users should be aware that a trade-off for using the app on other devices means that the app keeps a record of everyone you’ve ever contacted in plain text.
iMessage is also end-to-end encrypted and are used by millions of people around the world who likely don’t even realize their messages are encrypted.
Other apps should be treated with care or avoided altogether.
Apps like Telegram have been criticized by experts for its error-prone cryptography, which has been described as “being like being stabbed in the eye with a fork.” And researchers have found that apps like Confide, once a favorite among White House staffers, don’t properly scramble messages, making it easy for the app’s makers to secretly eavesdrop on someone’s conversation.
How to verify someone’s identity
A core question in end-to-end encrypted messaging is: how do I know a person is who they say they are?
Every end-to-end encrypted messaging app handles a user’s identity differently. Signal calls it a “safety number” and WhatsApp calls it a “security code.” Across the board, it’s what we call “key verification.”
Every user has their own unique “fingerprint” that’s associated with their username, phone number or their device. It’s usually a string of letters and numbers. The easiest way to verify someone’s fingerprint is to do it in person. It’s simple: you both get your phones out, open up a conversation on your encrypted messaging app of choice, and you make sure that the fingerprints on the two sets of devices are exactly the same. You usually then hit a “verify” button — and that’s it.
Verifying a contact’s fingerprint remotely or over the internet is trickier. Often it requires sharing your fingerprint (or a screenshot) over another channel — such as a Twitter message, on Facebook, or email — and making sure they match. (The Intercept’s Micah Lee has a simple walk-through of how to verify an identity.)
Once you verify someone’s identity, they won’t need to be reverified.
If your app warns you that a recipient’s fingerprint has changed, it could be an innocuous reason — they may have a new phone number, or sent a message from a new device. But that could also mean that someone is trying to impersonate the other person in your conversation. You would be right to be cautious, and try to reverify their identity again.
Some apps don’t bother to verify a user’s identity at all. For example, there’s no way to know that someone isn’t secretly snooping on your iMessage conversations because Apple doesn’t notify you if someone is secretly monitoring your conversation or hasn’t somehow replaced a message recipient with another person.
You can read more about how Signal, WhatsApp, Telegram, and Wire allow you to verify your keys and warn you of key changes. (Spoiler alert: Signal is the safest choice.)
There are some other tips you should know:
Encrypted message backups are usually not encrypted in the cloud: A very important point here — often, your encrypted messages are not encrypted when they are backed up to the cloud. That means the government can demand that your cloud provider — like Apple or Google — to retrieve and turn over your encrypted messages from its servers. You should not back up your messages to the cloud if this is a concern.
Beware of desktop apps: One of the benefits to many encrypted messaging apps is that they’re available on a multitude of platforms, devices and operating systems. Many also offer desktop versions for responding faster. But over the past few years, most of the major vulnerabilities have been in the buggy desktop software. Make sure you’re on top of app updates. If an update requires you to restart the app or your computer, you should do it straight away.
Set your messages to expire: Encryption isn’t magic; it requires awareness and consideration. End-to-end encrypted messaging won’t save you if your phone is compromised or stolen and its contents can be accessed. You should strongly consider setting an expiry timer on your conversations to ensure that older messages will be deleted and disappear.
Keep your apps updated: One of the best ways to make sure you stay secure (and get new features!) is to make sure that your desktop and mobile apps are kept up-to-date. Security bugs are found often, but you may not always hear about them. Keeping your apps updated is the best way to make sure you’re getting those security fixes as soon as possible, lowering your risk that your messages could be intercepted or stolen.
More guides:
Why you need to use a password manager
Two-factor authentication will save you, even if you don’t know it yet
How to protect your cell phone number and why you should care
How to browse the web securely and privately
Gift Guide: The best security and privacy tech to keep your friends safe
Via Zack Whittaker https://techcrunch.com
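The fingerprint comparison and key-change warning described in the “How to verify someone’s identity” section, as an added example that is not part of the original article or any app’s own code. The fingerprint derivation (hash of the identity key plus a stable identifier, rendered as digit groups) is an assumed simplification in the style apps use, not any particular app’s exact algorithm; the key bytes and contact names are constructed placeholders.

```python
# Added example: derive a human-comparable fingerprint from an identity public key,
# record it once both people have compared it in person, and flag later key changes.
# Keys and contact names below are constructed placeholders, not real material.
import hashlib
from dataclasses import dataclass, field


def fingerprint(identity_key: bytes, stable_id: str) -> str:
    """Hash the contact's stable identifier and public key into 6 groups of 5 digits.

    Assumption: this is a simplified stand-in for an app's real fingerprint scheme.
    Grouping the digits makes the value easy to read aloud or compare on two screens.
    """
    digest = hashlib.sha256(stable_id.encode() + identity_key).digest()
    # Each 5-byte slice of the digest becomes one 5-digit group (6 groups from 30 bytes).
    groups = [str(int.from_bytes(digest[i:i + 5], "big") % 100000).zfill(5)
              for i in range(0, 30, 5)]
    return " ".join(groups)


@dataclass
class TrustStore:
    """Remembers the fingerprint the user verified for each contact."""
    verified: dict = field(default_factory=dict)

    def verify_in_person(self, contact: str, my_view: str, their_view: str) -> bool:
        """Both phones show the contact's fingerprint; mark verified only on an exact match."""
        if my_view != their_view:
            return False
        self.verified[contact] = my_view
        return True

    def check_incoming(self, contact: str, current_key: bytes) -> str:
        """Classify a received message as 'verified', 'unverified' or 'KEY CHANGED'."""
        current = fingerprint(current_key, contact)
        known = self.verified.get(contact)
        if known is None:
            return "unverified"
        if known == current:
            return "verified"
        # Could be a new phone or reinstall, but could also be impersonation: re-verify.
        return "KEY CHANGED"


if __name__ == "__main__":
    alice_key = bytes(range(32))          # constructed stand-in for a 32-byte public key
    store = TrustStore()
    fp = fingerprint(alice_key, "alice")
    print(fp, store.verify_in_person("alice", fp, fp))
    print(store.check_incoming("alice", bytes(32)))  # a different key -> KEY CHANGED
```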
nedsvallesny · 7 years ago
Text
T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account
T-Mobile is investigating a retail store employee who allegedly made unauthorized changes to a subscriber’s account in an elaborate scheme to steal the customer’s three-letter Instagram username. The modifications, which could have let the rogue employee empty bank accounts associated with the targeted T-Mobile subscriber, were made even though the victim customer already had taken steps recommended by the mobile carrier to help minimize the risks of account takeover. Here’s what happened, and some tips on how you can protect yourself from a similar fate.
Earlier this month, KrebsOnSecurity heard from Paul Rosenzweig, a 27-year-old T-Mobile customer from Boston who had his wireless account briefly hijacked. Rosenzweig had previously adopted T-Mobile’s advice to customers about blocking mobile number port-out scams, an increasingly common scheme in which identity thieves armed with a fake ID in the name of a targeted customer show up at a retail store run by a different wireless provider and ask that the number be transferred to the competing mobile company’s network.
So-called “port out” scams allow crooks to intercept your calls and messages while your phone goes dark. Porting a number to a new provider shuts off the phone of the original user, and forwards all calls to the new device. Once in control of the mobile number, thieves who have already stolen a target’s password(s) can request any second factor that is sent to the newly activated device, such as a one-time code sent via text message or an automated call that reads the one-time code aloud.
In this case, however, the perpetrator didn’t try to port Rosenzweig’s phone number: Instead, the attacker called multiple T-Mobile retail stores within an hour’s drive of Rosenzweig’s home address until he succeeded in convincing a store employee to conduct what’s known as a “SIM swap.”
A SIM swap is a legitimate process by which a customer can request that a new SIM card (the tiny, removable chip in a mobile device that allows it to connect to the provider’s network) be added to the account. Customers can request a SIM swap when their existing SIM card has been damaged, or when they are switching to a different phone that requires a SIM card of another size.
However, thieves and other ne’er-do-wells can abuse this process by posing as a targeted mobile customer or technician and tricking employees at the mobile provider into swapping in a new SIM card for that customer on a device that they control. If successful, the SIM swap accomplishes more or less the same result as a number port out (at least in the short term) — effectively giving the attackers access to any text messages or phone calls that are sent to the target’s mobile account.
Rosenzweig said the first inkling he had that something wasn’t right with his phone was on the evening of May 2, 2018, when he spotted an automated email from Instagram. The message said the email address tied to the three-letter account he’d had on the social media platform for seven years — instagram.com/par — had been changed. He quickly logged in to his Instagram account, changed his password and then reverted the email on the account back to his original address.
By this time, the SIM swap conducted by the attacker had already been carried out, although Rosenzweig said he didn’t notice his phone displaying zero bars and no connection to T-Mobile at the time because he was at home and happily surfing the Web on his device using his own wireless network.
The following morning, Rosenzweig received another notice — this one from Snapchat — stating that the password for his account there (“p9r”) had been changed. He subsequently reset the Instagram password and then enabled two factor authentication on his Snapchat account.
“That was when I realized my phone had no bars,” he recalled. “My phone was dead. I couldn’t even call 611” [the mobile short number that all major wireless providers make available to reach their customer service departments].
It appears that the perpetrator of the SIM swap abused not only internal knowledge of T-Mobile’s systems, but also a lax password reset process at Instagram. The social network allows users to enable notifications on their mobile phone when password resets or other changes are requested on the account.
But this isn’t exactly two-factor authentication because it also lets users reset their passwords via their mobile account by requesting a password reset link to be sent to their mobile device. Thus, if someone is in control of your mobile phone account, they can reset your Instagram password (and probably a bunch of other types of accounts).
Rosenzweig said even though he was able to reset his Instagram password and restore his old email address tied to the account, the damage was already done: All of his images and other content he’d shared on Instagram over the years was still tied to his account, but the attacker had succeeded in stealing his “par” username, leaving him with a slightly less sexy “par54384321” (apparently chosen for him at random by either Instagram or the attacker).
As I wrote in November 2015, short usernames are something of a prestige or status symbol for many youngsters, and some are willing to pay surprising sums of money for them. Known as “OG” (short for “original” and also “original gangster”) in certain circles online, these can be usernames for virtually any service, from email accounts at Webmail providers to social media services like Instagram, Snapchat, Twitter and YouTube.
People who traffic in OG accounts prize them because they can make the account holder appear to have been a savvy, early adopter of the service before it became popular and before all of the short usernames were taken.
Rosenzweig said a friend helped him work with T-Mobile to regain control over his account and deactivate the rogue SIM card. He said he’s grateful the attackers who hijacked his phone for a few hours didn’t try to drain bank accounts that also rely on his mobile device for authentication.
“It definitely could have been a lot worse given the access they had,” he said.
But throughout all of this ordeal, it struck Rosenzweig as odd that he never once received an email from T-Mobile stating that his SIM card had been swapped.
“I’m a software engineer and I thought I had pretty good security habits to begin with,” he said. “I never re-use passwords, and it’s hard to see what I could have done differently here. The flaw here was with T-Mobile mostly, but also with Instagram. It seems like by having the ability to change one’s [Instagram] password by email or by mobile alone negates the second factor and it becomes either/or from the attacker’s point of view.”
Sources close to the investigation say T-Mobile is investigating a current or former employee as the likely culprit. The mobile company also acknowledged that it does not currently send customers an email to the email address on file when SIM swaps take place. A T-Mobile spokesperson said the company was considering changing the current policy, which sends the customer a text message to alert them about the SIM swap.
“We take our customers’ privacy and security very seriously and we regret that this happened,” the company said in a written statement. “We notify our customers immediately when SIM changes occur, but currently we do not send those notifications via email. We are actively looking at ways to improve our processes in this area.”
In summary, when a SIM swap happens on a T-Mobile account, T-Mobile will send a text message to the phone equipped with the new SIM card. But obviously that does not help someone who is the target of a SIM swap scam.
As we can see, just taking T-Mobile’s advice to place a personal identification number (PIN) on your account to block number port out scams does nothing to flag one’s account to make it harder to conduct SIM swap scams.
Rather, T-Mobile says customers need to call in to the company’s customer support line and place a separate “SIM lock” on their account, which can only be removed if the customer shows up at a retail store with ID (or, presumably, anyone with a fake ID who also knows the target’s Social Security Number and date of birth).
I checked with the other carriers to see if they support locking the customer’s current SIM to the account on file. I suspect they do, and will update this piece when/if I hear back from them. In the meantime, it might be best just to phone up your carrier and ask.
Please note that a SIM lock on your mobile account is separate from a SIM PIN that you can set via your mobile phone’s operating system. A SIM PIN is essentially an additional layer of physical security that locks the current SIM to your device, requiring you to input a special PIN when the device is powered on in order to call, text or access your data plan on your phone. This feature can help block thieves from using your phone or accessing your data if you lose your phone, but it won’t stop thieves from physically swapping in their own SIM card.
iPhone users can follow these instructions to set or change a device’s SIM PIN. Android users can see this page. You may need to enter a carrier-specific default PIN before being able to change it. By default, the SIM PIN for all Verizon and AT&T phones is “1111”; for T-Mobile and Sprint it should default to “1234.”
Be advised, however, that if you forget your SIM PIN and enter the wrong PIN too many times, you may end up having to contact your wireless carrier to obtain a special “personal unlocking key” (PUK).
At the very least, if you haven’t already done so please take a moment to place a port block PIN on your account. This story explains exactly how to do that.
Also, consider reviewing twofactorauth.org to see whether you are taking full advantage of any multi-factor authentication offerings so that your various accounts can’t be trivially hijacked if an attacker happens to guess, steal, phish or otherwise know your password.
One-time login codes produced by mobile apps such as Authy, Duo or Google Authenticator are more secure than one-time codes sent via automated phone call or text — mainly because crooks can’t steal these codes if they succeed in porting your mobile number to another service or by executing a SIM swap on your mobile account [full disclosure: Duo is an advertiser on this blog].
from Technology News https://krebsonsecurity.com/2018/05/t-mobile-employee-made-unauthorized-sim-swap-to-steal-instagram-account/