Some thoughts on Amazon's 2FA

Amazon now let you secure your account with Two-Factor-Authentication (2FA). This means you can log on with a one-time password which changes every minute. For some reason, Amazon call it Two-Step-Verification (2SV) - but it is exactly the same as all the other 2FA solutions. The Process: There's no direct link to 2FA settings. So […]

PayPal doesn't care about 2FA security

Remember when PayPal was a cool new company dedicated to radically improving online payments? Seems like it was ages ago. Now PayPal is little better than the bloated banks it sought to overthrow. Arcane bureaucracy, impenetrable fees, and a lamentable approach to security. I was minded recently to switch on 2-Factor-Authentication (2FA) for all my […]

2FA Best Practice - Disable Autocomplete

Just a short usability / security post. Hopefully, you're all using Two-Factor Authentication on your important sites. As well as a username and password, you've also got to enter a one-time code. Usually it is generated by an app, or sent to you via SMS. Each code can only be used once - which makes […]

Facebook 2FA Security Flaw (Disclosed)

I've found (and disclosed) what I think is an interesting little security flaw in Facebook's Two-Factor Authentication usage. First things first, this isn't a show-stopping bug. It's more of a curiosity which shows how different providers treat the verification of Two-Factor Authentication. Details: If you are a security-conscious user, you should have set up […]

Two-Factor Authentication and the Police State

In Britain - and many other countries - the police can legally force you to divulge your passwords. Whether it's to an encrypted file, a social network, or your email account, the state can legally rifle through your most intimate thoughts and (potentially) pose as you online. As we've recently seen, this can be done […]