All of the advice in this article is sound, but to be honest and in my humble opinion, the most valuable point made here or in general concerning social media and security is the absolute need for two-factor / multi-factor authentication. This must become a component of everything we do online.
two-factor authentication
Two-factor authentication (2FA) and why we do or don’t use it
This is an interesting read into the whys and why-nots of multi-factor authentication usage. Enjoy.
How hackers broke into John Podesta, DNC Gmail accounts
The explanation of the compromises is fairly straightforward and in no way unexpected. The advice at the end of the article is just as straightforward and very sound. Two-factor authentication and end-user awareness and education can resolve many of these problems.
https://nakedsecurity.sophos.com/2016/10/25/how-hackers-broke-into-john-podesta-dnc-gmail-accounts/
Don’t Make These Two Major Multi-Factor Security Mistakes
This is a somewhat chilling story. I certainly agree that Authenticator is a stronger solution, especially for those people more apt to be targeted.
https://blog.knowbe4.com/dont-make-these-two-major-multi-factor-security-mistakes
NIST Recommends SMS Two-Factor Authentication Deprecation
This is an intriguing draft document by NIST concerning SMS and two-factor authentication. This is a commonly used technique for many two-factor providers, so conversion to more secure methods may take time. This is certainly not a finalized recommendation, and adoption will take time if it moves forward.
https://threatpost.com/nist-recommends-sms-two-factor-authentication-deprecation/119507/
Google Simplifies Two-Step Verification
This is yet another good reason to move forward and implement two-factor authentication. Kudos to Google.
https://threatpost.com/google-simplifies-two-step-verification/118814/
Krebs – Citing Attack, GoToMyPC Resets All Passwords
I mentioned this yesterday and many other times in the past, but I will mention it again: if you are having to go through the process of resetting your password due to this breach, go ahead and take the time to set up two-factor authentication. It is simple, easy, and can prevent a breach in the event of lost or compromised credentials.
http://krebsonsecurity.com/2016/06/citing-attack-gotomypc-resets-all-passwords/
Don’t Make Your Password a Classic
In response to this article, I will simply say “Agreed”. Password managers and two-factor authentication are the best options available to combat credential theft and reuse.
http://www.tripwire.com/state-of-security/security-awareness/dont-make-your-password-a-classic/
SANS OUCH Newsletter – September 2015: Two-Step Verification
In light of the recent scare around Google, Yahoo, and Microsoft credentials, I believe this article from the team at SANS Securing the Human is good content and definitely worth a share. Enjoy!
http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201509_en.pdf
Using Two-Factor Authentication for the Administration of Critical Infrastructure Devices
This article is a great reminder of the value of two-factor authentication and is well worth a read.