Whistleblower warning: 2FA codes sent via SMS are trivially easy to intercept
Apps or physical authenticators are a better choice
Valve confirms Steam 2FA leak affecting 89 million users, no passwords compromised
Steam wasn't hacked, but you should probably start using the authenticator app anyway
Twilio confirms millions of phone numbers were accessed from Authy 2FA app
Update your Authy app right now
Google adds support for passkeys to protect your account
A better way to secure your Google account
Google Authenticator introduces two-factor access code synchronization to the cloud
Using Google's 2FA capabilities across devices and services will be easier now
Twitter's SMS two-factor authentication is now a paid feature
Non-subscribers will still have access to 2FA via authentication apps and security keys
Two-Factor Authentication: Methods and Myths
When I mentioned to a few friends that I was writing a feature about two-step authentication, the typical response was an eye-roll and "Oh, that annoying thing?..." But wait. There's more to it.
Reddit recommends users set up 2FA following confirmed data breach
Reddit sources say no user data was compromised in the attack
Meta awarded researcher a $27,200 bug bounty for glitch that bypassed Facebook 2FA
There was no limit on how many times users could get their 2FA code wrong
Facebook locked out users for failing to enable Facebook Protect
"Please click this link by [date] or you will be locked out of your account" is a common email phishing ploy
FBI notices sharp increase in SIM-swapping attacks leading to over $68 million of damages to US citizens
In 2021, the number of SIM-swapping complaints received by the bureau were five times higher than the previous three years combined
Google finds a 50% reduction in user account breaches after auto-enabling 2FA
More online protections are coming as well, including a new account-level safe browsing feature
Google will automatically enable two-factor authentication for 150 million users by this year's end
Google wants to prevent unauthorized access to user accounts
Your Google accounts will soon default to 'two-step verification'
There was an uproar that it would be mandatory, but Google clarified that is not the case
Google Authenticator for iOS gets a new look and a bulk account export feature
Switching iPhones just got a bit easier
Microsoft exec advises users to switch away from SMS-based two-factor authentication
Consider a secure app-based solution instead
Nintendo says over 160,000 accounts were compromised, disables NNID logins
Best check your account
ThreatFabric: Cerberus Android malware can bypass 2FA and allow remote access to your device
Researchers expect the threat landscape to get crowded this year
Ring makes two-factor authentication mandatory
Will the additional security measures help with privacy concerns?
iPhones can now be set up as physical authentication keys
Only works with Google accounts being accessed via Chrome but better than nothing
Princeton study: US carriers do little to protect customers from SIM-swap attacks
One more reason to avoid using text messaging for two-factor authentication
You can now log in to Windows devices using Yubico's security keys
Adding an extra layer of security
You can now use your Android devices as a hardware security key for Google account logins on iOS
Cross-OS two-factor authentication
Google study shows the importance of recovery phone numbers
Adding a phone number to your Google account helps keep it secure