Tag Archives: one-time passwords

11 Million Ashley Madison Passwords Already Cracked

14 September 2015

This LIFARS post from last Friday should shake up every service provider. It’s definitely time to make Two Factor Authentication (TFA) obligatory for all services which process personal details.

Microsoft Authenticator App

TFA is no longer a matter of technology. For example, authenticator apps are available for all phone operating systems and are really easy to use. Combined with even a weak password, the one-time passcodes generated by the authenticator apps form a nearly unbreakable authentication method.

In my opinion it’s high time for service providers to make procedures for the use of TFA for their services technically available. And they should force users in their own interest to switch to TFA, if necessary by proper terms of use for their services.

With this, news like “Ashley Madison Breach Reveals Ridiculously Weak Passwords” is a thing of the past.

Take care! And learn how to protect yourself against identity theft.

Twitter announces text message based one-time password initiative

1 November 2014

I was eager to read more about Digits, Twitter’s text-message-based one-time passcode service, when the message popped up in my inbox, because with one-time passwords identity theft or password phishing are things of the past. And with Twitter, another global player besides Microsoft and Google jumps on board the anti-password campaign.

Twitter provides the development platform and messaging infrastructure that allows app developers to waive passwords. Users could use their mobile number as the first authentication factor and the one-time passcode provided by an SMS as second authentication factor for login to a service.

The good news is: The service is free of charge and, since Twitter uses its own trusted infrastructure, the service will be available in 191 countries with support for 28 languages from the start.

Sounds really good.

But not everything that glitters is gold. Man-in-the-middle attacks could become a serious issue, as could tampering with mobile phone numbers. Hopefully Twitter has developed a threat model for the new service and mitigated at least the known vulnerabilities.

A new era of IT security is dawning …