Greg's Corner

Tagged: two factor authentication Toggle Comment Threads | Keyboard Shortcuts

• 

  Geebo 9:01 am on February 8, 2021 Permalink | Reply
  Tags: north carolina ( 15 ), payment app ( 17 ), Scams ( 1,224 ), two factor authentication, venmo ( 26 )   

  Payment app scam preys on your kindness 

  

  Most of us have some form of banking or payment app on our phones. Whether they’re through our local bank or one of the many mobile payment services available, a lot of us make payments or transactions through these platforms. But how many of us really have these apps secured on our devices? You may have your phone locked using a PIN or fingerprint check, but what if someone was able to bypass your phone lock?

  A woman in Charlotte, North Carolina recently found out the hard way what happens if you don’t secure your apps. She was working at home when a man knocked on her door and asked if he could use her phone. He claimed he had locked his possessions in his car and needed to text a relative. Being a kind person, she allowed the man to use her phone to get help. After using the phone, the man handed the phone back to the woman. That’s when she noticed the emails from Venmo. In that short amount of time, the man is said to have sent close to $1000 to himself through Venmo. The problem with many of these apps like Venmo is that once payment goes through, the victim of a scam can be blocked by the scammer making retrieval of your money almost impossible.

  If you’re the type of person who tends to be a good Samaritan you should be commended for being willing to help others that you may not even know. There is still a way for you to lend someone your phone without exposing your financial apps. Most financial apps have some form of two-factor authentication available to you. A PIN or biometric scan like a fingerprint or face unlock can be enabled. This means that even if your phone is unlocked for someone to use, your financial apps will still be secure. If they don’t offer this service, you may want to consider using an app that does. While you may think that enacting these measures may make it more inconvenient for you, in a short time you’ll hardly even notice the small amount of extra time it takes you.

   

  Leave a ReplyCancel reply
• 

  Geebo 8:00 am on October 21, 2020 Permalink | Reply
  Tags: 2FA ( 11 ), Cash App ( 41 ), payment app ( 17 ), paypal scam ( 12 ), Scams ( 1,224 ), two factor authentication, venmo ( 26 )   

  A Cash App scam that could happen on the street 

  

  Most scams that happen on payment apps like Cash App happen online. However, we just came across one that happens on the street.

  The report we found about this scam comes out of Nashville, Tennessee but could happen in any city. In Nashville, the city is known for its music scene so there are a number of street musicians looking to get their name out there. There are also a number of scammers looking to take advantage of those interested in the music scene.

  The scammers will pose as a street musician and will approach a victim. The scammer will ask for the victim’s phone so they can pull up their music video on YouTube. Instead, the scammer accesses one of the victim’s payment apps like Cash App, Venmo, or PayPal and sends the victim’s money to themselves before fleeing the scene.

  While this particular approach may be exclusive to Nashville or any other city with a vibrant music scene, this scam could happen anywhere. You could be approached by someone asking to use your phone for an emergency where instead of calling someone they could be draining one of your payment app accounts.

  There are several ways to protect yourself against a scam like this. First off, it’s generally a good idea to never hand your phone over to someone you don’t know. Secondly, most of the leading payment apps have security features that prevent other people from accessing your account on your phone. Known as two-factor authentication, you can have a PIN set up to open the payment app or you could use your phone’s fingerprint reader to access your account. When these features are enabled, it goes a long way in preventing others from accessing your accounts on your phone.

   
• 

  Geebo 8:04 am on October 21, 2019 Permalink | Reply
  Tags: 2FA ( 11 ), cybersecurity ( 34 ), internet of things/ ( 7 ), IoT ( 7 ), security ( 46 ), Smart Home ( 5 ), two factor authentication   

  Smart home camera hacked in baby’s room 

  

  A California CEO has written a column for The Mercury News where he relays the tale about how his smart home camera system was hacked. It is quite a rather harrowing tale as the digital vandals used the speaker on the camera in the baby’s room to harass the family’s nanny. The anonymous voice on the other end of the camera was using profanity and even threatened to come take the baby at one point. It wasn’t until all the cameras were disconnected did the harassment stop. The father later found out that this is a fairly common occurrence with internet-connected cameras, specifically the brand that he was using.

  The father then tried contacting the technical support arm of the corporation that manufactures the cameras and was on hold for over an hour. He also received emails that continued to push the idea of two-factor authentication to keep out would-be pranksters. The father was not satisfied with this response and has vowed not to use this brand of camera ever again. His outrage can be understood especially for parents with young children because you can never truly know who is watching your home while you’re unaware. A more sophisticated criminal could use such information gleaned from home cameras to tell when a home may be vulnerable to being robbed.

  [youtube https://www.youtube.com/watch?v=Tgfg4Dv2B2M%5D

  While the camera maker’s customer service may sound a little tone-deaf as far as the father’s mistrust is concerned, their advice about two-factor authentication is not wrong. 2FA, as it’s known, can go a long way in preventing these cameras from being hijacked. Also if you use the same password across multiple services you could be compromising your security greatly by making it easy for hackers to gain access to your devices. In this case, you may want to try some of the more reliable password managers out there. As we have said before, if you don’t take your internet security more seriously, it’s like having the most expensive lock that you just leave the key in.

   
• 

  Geebo 8:00 am on October 9, 2019 Permalink | Reply
  Tags: 2FA ( 11 ), advertising ( 11 ), cybersecurity ( 34 ), phone security ( 6 ), security ( 46 ), Twitter ( 13 ), two factor authentication   

  Twitter leaks phone numbers to advertisers 

  

  We’ve mentioned two-factor authentication, or 2FA as it’s known, a few times lately. It’s the security protocol that has two or more layers of authentication that better secures your online accounts. The most common form of 2FA is through text messaging. For example, if you have 2FA enabled, when you sign in to an online account not only would you have to provide your password but you’d also have to provide a code that had been texted to you. While authentication sent through SMS texts isn’t the most secure form of 2FA it is better than nothing. However, thanks to so many platforms using SMS texting for 2FA it has led one platform to issue an apology recently.

  [youtube https://www.youtube.com/watch?v=07mRDyydCNY%5D

  Twitter recently announced phone numbers that users had registered with them for two-factor authentication were used for targeted advertising. The numbers were used to match users to marketing lists provided by advertisers. In some people’s eyes, that goes against everything that 2FA is supposed to stand for. One security expert even compared Twitter’s practice to that of trying to secure a tent against bears by using raw meat.

  Like we said, While SMS text messages are the most common form of 2FA, they’re not the most secure. There are alternatives that you can use that are more secure. There are hardware keys that act as authenticators that can be used on both computers and mobile devices. There are also software alternatives that are free, that create something along the lines of a temporary secondary password that can be used for the second layer of authentication. This way, you won’t have to worry about even more robocalls from advertisers and other bad actors from plaguing your phone.

   
• 

  Geebo 8:00 am on September 26, 2019 Permalink | Reply
  Tags: 2FA ( 11 ), hacking ( 31 ), internet of things/ ( 7 ), IoT ( 7 ), security ( 46 ), Smart Home ( 5 ), two factor authentication   

  When a smart home isn’t so smart 

  

  Many people think that they are better securing their home by installing smart devices. These devices can range from anything from cameras to door locks and anything in between. These classes of smart devices are known as the internet of things or IoT for short. That means that these devices are connected to the internet so the user can control them from just about anywhere. The major drawback to IoT devices is that they can also be controlled by bad actors if the user isn’t careful.

  A couple in Milwaukee found that the hard way this week when someone was able to take control of some of their smart devices. The couple had a nest camera and thermostat installed. When one of them came home they found that the thermostat was set at 90 degrees. After that, someone started verbally harassing them through the speaker on their security camera. Even after the couple changed all their passwords the abuse continued until the devices were disconnected. The couple lays the blame at Nest, which is owned by Google, but the fault may lie elsewhere.

  [youtube https://www.youtube.com/watch?v=xbk3OdYBLHA%5D

  It’s not hard to hack into IoT devices if the users are using the same password or weak passwords to secure their network and devices. Also, as we discussed with the recent YouTube hack, two-factor authentication (2FA) should also be enabled on these devices. While 2FA has its own flaws, it’s more secure than using an easily guessed password. These devices are designed to help protect your home, but if you’re not using 2FA it’s like having the most expensive lock that you just leave the key in.

   
• 

  Geebo 8:00 am on September 24, 2019 Permalink | Reply
  Tags: 2FA ( 11 ), hacking ( 31 ), security ( 46 ), two factor authentication, YouTube ( 6 )   

  What you can learn from the massive YouTube hack 

  

  Recently, a large number of YouTube channels with substantial subscriber counts had been hijacked by hackers. This way the hackers can sell the accounts to bad actors who can then potentially claim a channel with a large built-in subscriber base. It’s not easy to cultivate a successful YouTube channel. Some creators have spent years carefully growing their audience in a highly competitive market. To possibly see it all disappear in an instant could be a devastating blow to any moderately successful channel.

  The plot against some of YouTube’s creators was a coordinated phishing attack. Authentic looking emails were sent to creators asking them to log into their accounts. Like most phishing attacks, the creators were then directed to phony login pages where the hackers could steal their login credentials. The hackers could then assign the channels to new owners, locking the creators out of their channels. What’s particularly troubling about this attack is that it allegedly bypassed what’s known as two-factor authentication. 2FA, as it’s known, is the process of requiring a user to securely log in to their accounts using a two-step process that usually involves signing in with their log-in credentials then verifying their access request by replying to a text message. it’s believed that the hackers were able to intercept the 2FA messages.

  [youtube https://www.youtube.com/watch?v=5Xd4kWSl3Ac%5D

  If you’re not using 2FA, you should be. While it’s not unhackable it does go a long way in stopping someone from accessing your sensitive accounts. While SMS text messages are the most common form of 2FA, they’re not the most secure, however, there are alternatives. One way of protecting yourself is by purchasing a hardware key that works on both your computer or phone that you have to have in your possession to access your accounts. There are also software approaches to 2FA like Google Authenticator or Microsoft Authenticator, both of which are free.

  Some of these YouTube creators may have lost their life’s work. With a more secure 2FA option you may not have to worry about losing anything important that you access online.

  When a smart home isn’t so smart | Greg's Corner is discussing. Toggle Comments

   
• 

  Geebo 10:00 am on June 28, 2016 Permalink | Reply
  Tags: security ( 46 ), two factor authentication   

  Are your online accounts secure enough? 

  

  What are your most important online accounts? Probably your bank, your email and your social network of choice in that order. Now you may have those accounts protected with a strong password, but is that enough? You may have a password that contains alphanumeric characters both upper and lowercase among non-alphanumeric characters and that is 12 characters long. That’s all well and good but it’s not perfect. Having your accounts protected by a strong password is only one layer of protection but it is also one level of failure.

  Most online services today offer a feature that’s known as two factor authentication. When you activate two factor authentication your username and password is only one step to logging into your account. The second part to the authentication, in most cases, is that the service you’re trying to access sends you a personal one-time code, usually through a text message. That means that if you activate two factor authentication, if someone were to ascertain your username and password they still wouldn’t be able to access your account without having your cell phone.

  While two factor authentication isn’t perfect it can go a long way in keeping your online life secure.