New Commit Suggest Face Authentication to be a System Level Part of Android

Android P Developer Preview 2 - May 2018

A new commit in the Android Open Source Project (AOSP) repository suggests that facial authentication is coming to Android as a system level API.  It could mean that from system point of view, Android P could well allow for facial authentication on devices, assuming of course that the hardware to do so is built into the device.

Currently, for manufactures to support facial authentication (like OnePlus for example), they have to build their own app and leverage existing APIs, mostly around the fingerprint authentication.  That works, obviously, but it isn’t as optimized as it could be and it is dependent upon OEMs to build the supporting software & hardware to make it happen.  This commit would more-or-less standardize things for Android.

Continue reading “New Commit Suggest Face Authentication to be a System Level Part of Android”

iOS 11.4 to Bring a Lockdown of Lightening Connection to Charging Only Without Passcodes

iOS Logo

It appears that once again Apple is upping device security with the upcoming release of iOS 11.4.  In a new report on Elcomsoft indicates that when the new build of iOS rolls out, it will come with a Lightening Connection lockdown that requires the device to unlocked or the password/fingerprint to be entered every seven days.  The feature is meant to prevent tethering a device to a PC or Mac and brute force cracking the device to gain access.

The feature first appeared in iOS 11.3 but was dropped during the beta testing.  It reappeared in 11.4 and, to this point, has pretty much gone unnoticed until now.  What this means is after 7 days, if the device hasn’t been unlocked either with biometrics or a password, the Lightening connector becomes a charging port only.  No data is transmitted to or from the device by the connected laptop.

Continue reading “iOS 11.4 to Bring a Lockdown of Lightening Connection to Charging Only Without Passcodes”

Microsoft Authenticator App Gets a UI Update and GDPR Compliance

Microsoft Authenticator for Android

The 2-factor authentication app from Microsoft, Microsoft Authenticator, has a new update rolling out that brings a slightly refreshed look to the app as well as compliance with the new General Data Protection Regulation (GDPR) directive in the European Union.  The new update is version 6.2.26 for those keeping score at home and it has been released to the Play Store.

As for the new look, it is a slight one compared to the older version of the app.  Now an account is shaded grey if it isn’t setup for identify verification and is only used to access organizational resources.

Continue reading “Microsoft Authenticator App Gets a UI Update and GDPR Compliance”

G Suite Adds Security Key Support for All Customers

Google G Suite

Google has announced that physical USB security key support is coming to all version of G Suite over the next few weeks.  Support of security keys, to this point, has been limited to Enterprise level customers.  That is changing as all variants of the service will be gaining support.

Security Keys are a physical USB key that you plug into a device that gives you access to it.  It is perhaps the ultimate in 2-Factor authentication.  Yubico is perhaps the most well known of these types of keys and they are readily available at low cost.

Continue reading “G Suite Adds Security Key Support for All Customers”

Twitter Now Supporting Third Party Two Factor Authentication Apps

Twitter for Android

Twitter has finally begun allowing users to use 3rd party two factor authentication apps to verify their identity.  The new feature is rolling out to users accounts online and you can now select the default SMS authentication or a 3rd party authentication tool.

In April, the social micro blogging site rolled out SMS authentication that allowed users to have an authentication code texted to them when they were logging into their account.  That is still enabled by default but you now have the option to use a 3rd party app like Google Authenticator to verify your identity.   The feature requires that you log into your Twitter account online, then go to Settings & Privacy in your account settings.  There you can setup an authentication app.

Continue reading “Twitter Now Supporting Third Party Two Factor Authentication Apps”

Microsoft Authenticator Adds Fingerprint Support

Microsoft Authenticator for Android

Microsoft Authenticator, the 2-factor verification app from the Redmond company, has a nice update rolling out to it for users.  The new build, version 6.1.7 for those keeping score at home, brings fingerprint authentication to the app.  What this will allow you to do is approve a login request by tapping the fingerprint scanner on your phone and not require you to enter the six digit code to approve it.  It is all aimed at keeping things easier but also secure.

If you haven’t tried Microsoft Authenticator, it works how you would expect a 2-factor app to work but it does so with a bit more flare by having avatars for your accounts.  For example, you have the Facebook logo for your Facebook account, or the Google “G” with your Google account.  It also has a nice, 30 second countdown clock next to each code so you know when it is about to expire.

Continue reading “Microsoft Authenticator Adds Fingerprint Support”

LastPass Now Free Across Unlimited Devices

One of the best password management apps out there, LastPass, has given everyone a reason to be happy:  They have lowered their price to… free!  The even better news, they haven’t stripped the app down to the barebones either.  The free app now gives you the ability to sync your password and other secure content to your phone, PC, Chrome extension and tablet.  To this point, that sync feature was part of the premium package for the app (which was a quite affordable $1/month).

From the company’s blog

I’m thrilled to announce that, starting today, you can use LastPass on any device, anywhere, for free. No matter where you need your passwords – on your desktop, laptop, tablet, or phone – you can rely on LastPass to sync them for you, for free. Anything you save to LastPass on one device is instantly available to you on any other device you use.

If you have been looking for a password management app, you need to seriously consider LastPass as an option.

Continue reading “LastPass Now Free Across Unlimited Devices”

Microsoft Edge More Secure Than Google Chrome According to NSS

In a report from NSS Labs, the research company found that Microsoft Edge, the latest browser from the Redmond company, is more secure against phishing and malware than both Google Chrome and Mozilla’s Firefox.  The set of reports, which can be downloaded here, tested three current versions of each browser over the months of September and October to get the results which will likely come as a surprise to some.  The versions tested for the reports were:

  • Google Chrome 53.0.2785
  • Mozilla Firefox 48.0.2
  • Microsoft Edge 38.14393.0.0

The first report focused on phishing where Edge achieved a 91.4% over the course of 12 days of testing at the NSS Labs in Austin, Texas in recognizing phishing URLs presented to it.  Chrome was at 82.4% while Firefox came in at 81.4%.  This is an important consideration in choosing a browser given the social engineering nature of phishing attacks which can lead to compromised accounts for users.

Continue reading “Microsoft Edge More Secure Than Google Chrome According to NSS”