Text Messages Ask Me To Download Messages UPDATED

Text Messages Ask Me To Download Messages

After a series of loftier-profile hackings, Twitter concluding week finally joined the likes of Google and Facebook and introduced two-factor hallmark. Users opting to use the new security tool must now enter a code they receive via a text message sent to their jail cell phones each time they log into the microblogging service.

While Twitter'south decision to provide account holders with two-factor authentication is proficient news—especially considering the string of news organizations and big brands such equally Jeep and Burger King that have been hacked in recent months—some experts warn that it won't be enough to foreclose the hijacking of high-profile accounts.

For 1 thing, the new security choice isn't likely to help organizations that accept many staff members posting to a single Twitter account. Obviously, they don't all use the same mobile phone. It as well won't protect users from man-in-the-center attacks through which a user is lured to a imitation Twitter login folio, enters his or her login credentials and the six-digit two-factor authentication countersign, thereby giving a bad guy entry to the account.

For brands, a hacked Twitter account can be disastrous. Information technology's not only costly to close down an account and extricate information technology from a hacker'south control, but there are also client relations and reputation management concerns to consider. Stock prices can fifty-fifty take a beating, as they did in Apr when the Associated Press'south account was breached and hackers tweeted about explosions at the White Business firm.

The proficient news is that SMS codes sent to mobile phones are far from the just way you can employ 2-factor hallmark to protect your brand. Here are iii other good options to consider.

Hardware Token: The YubiKey

The YubiKey, made past a Swedish-American company called Yubico, is a small piece of hardware that looks similar a USB stick that your customers or employees plug into the computers' USB port. Each time a user logs onto your website or system, they must push a push on the YubiKey to generate a i-fourth dimension password validating that the person is who they say they are. Yubico as well makes a near-field communication (NFC) variant of the device called the YubiKey NEO, which enables contactless communication for securing NFC enabled mobile devices.

Scads of loftier-profile companies are equipping employees, users and customers with YubiKeys, including Google, Microsoft, the U.S. Department of Defense and the government of Turkey. Yubico is also partnering with several single-sign on services, including OneLogin and Clavid, so that the YubiKey can work beyond dozens of services including Adobe, Salesforce, LinkedIn, and more than. It also works with password managers such as LastPass, PasswordSafe and Passpack. In fact, the company says more than i meg users in 120 countries are using the hardware token.

"A service provider who wants to add YubiKey support could chose to use Adjuration, [the open authentication standard], our gratuitous open source server components, or our hosted service, the YubiCloud," says Yubico CEO Stina Ehrensvard. "With a simple web API, it takes approximately 20 minutes to integrate the YubiCloud, which works out-of-the-box with a YubiKey purchased on Yubico spider web store."

A enterprise with upwards to 5,000 users that use Yubico'due south hardware, software and services can expect to pay $13 per year, per YubiKey—that's somewhere around $318,000 for v years. For smaller businesses, Ehrensvard says that it's possible to purchase a tray of 50 YubiKeys from Yubico's web store. This is a i-time cost of $750 and information technology works with the gratuitous version of YubiCloud or free open up source software.

Ehrensvard said her company is working with Google and other IT giants on a new open authentication standard: "This is expected to be launched in 2014, allowing our premium YubiKey, the YubiKey NEO, to work out-of-the box with Google services and a range of other cloud and fiscal services."

A User's Phone Location: Toopher

The Toopher 2-gene authentication solution can exist installed on a company's website with just a few lines of code, and it works through an app on a user's telephone. When the person begins to to log onto a site, the software verifies their identity by detecting which computer they're using and where their phone is physically located.

Toopher is an ambitious ii-factor hallmark tool.

After installing the Toopher app, the user pairs it with your web service. The kickoff time the person tries logging onto your site from a new location, he or she must give permission to practice and then through the app. After that commencement log-in from a detail location, a user can opt to take permissions given automatically then that the app runs in the groundwork and operates invisibly. In this way, it'south unlike from the SMS-based ii-gene authentication used by Twitter, Google and Facebook, which require users to enter a lawmaking each time they want to log in.

Toopher CEO Josh Alexander maintains that hassle will go along adoption of Twitter'southward new 2-gene hallmark option low: "Having to pull your phone out of your pocket every single time you desire to do something equally arbitrary as logging in is also much friction."

Toopher is gratis for companies with 50 users or less. While pricing can be as loftier as $2.50 per user per month for internal deployments, it scales to pennies per month per user for sites and companies with thousands of users.

A Smart Complement to Two-Factor Solutions

Wile information technology isn't a two-gene hallmark provider, Redwood City, California-based Impermium protects websites and individual users from business relationship hijacking past using proprietary statistical and machine learning models to provide threat intelligence and gamble-based authentication.

Started in 2010 by Marker Risher, who was formerly full general manager of Yahoo Mail, the company has garnered around 500,000 companies every bit clients, including CNN, Pinterest, Typepad and Tumblr.

The draw? Because Impermium monitors how people are behaving on all those many sites, including how they're using social media, the visitor is able to know if someone trying to login to a site has a blueprint of corruption or a blueprint of skilful beliefs. In that mode is able to predict if an attempted attack is likely. Basically, it sniffs out deviations in user behavior across all those online territories, looking at what devices people are using, their network and physical locations also as the social reputation of whomever is trying to login to a site.

Imperium's Accountability service monitors activity on your business organization's social networking sites.

Impermium offers two products: one for business users of software every bit a service platforms and some other that protects companies' websites.

The old, called Accountability, is a new service that monitors Twitter, Salesforce, Box, Facebook, and Marketo accounts and sends electronic mail or text message alerts to users if it detects fishy activity. For now, the beta service is costless.

Impermium'southward 2nd product, called CloudSentry, helps web-hosted applications identify suspicious beliefs.

"It integrates into the log-in flow of the site and performs analyses of the circumstances effectually someone trying to connect," Risher says. "So if you're logging in from [your usual city] from your regular iPad that yous utilize all the fourth dimension, that's a low-chance scenario and we'd place it as such. If someone is logging in with your credentials from a cybercafé in Indonesia, that is a higher-chance scenario and then we would requite that a college risk rating and propose that [a client] maybe append the account, give it some reduced privileges, or ask for a secondary authentication like Toopher."

Risher likens what Impermium offers to the alarm system that augments the locks on the front door of your house, and in that way is an important complement to two-factor hallmark solutions.

"YubiKey and Toopher… are both well regarded products that strengthen the front door. Just a site and an application needs intelligence, needs real-fourth dimension risk analyses to be able to determine [whether] even if someone has the key, should nosotros allow them in or not?"

DOWNLOAD HERE

Posted by: lynchtrachattee.blogspot.com