Latest 2FA news

Bitwarden launches new MFA Authenticator app for iOS, Android

Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices.
- Bill Toulas
- May 02, 2024
- 04:20 PM
- 5
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts

Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection.
- Bill Toulas
- March 25, 2024
- 12:56 PM
- 3
Payoneer accounts in Argentina hacked in 2FA bypass attacks

Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping.
- Bill Toulas
- January 19, 2024
- 03:28 PM
- 0
Twilio will ditch its Authy desktop 2FA app in August, goes mobile only

The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication (2FA) app.
- Bill Toulas
- January 08, 2024
- 01:07 PM
- 4
GitHub warns users to enable 2FA before upcoming deadline

GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication (2FA) on their accounts.
- Mayank Parmar
- December 26, 2023
- 04:03 PM
- 3
New phishing attack steals your Instagram backup codes to bypass 2FA

A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account.
- Bill Toulas
- December 20, 2023
- 02:35 PM
- 2
Steam enforces SMS verification to curb malware-ridden updates

Valve has announced implementing additional security measures for developers publishing games on Steam, including SMS-based confirmation codes. This is to deal with a recent outbreak of malicious updates pushing malware from compromised publisher accounts.
- Bill Toulas
- October 15, 2023
- 11:12 AM
- 4
PyPI announces mandatory use of 2FA for all software publishers

The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform to have two-factor authentication (2FA) turned on by the end of the year.
- Bill Toulas
- May 28, 2023
- 10:09 AM
- 0
Google will add End-to-End encryption to Google Authenticator

Google is bringing end-to-end encryption to Google Authenticator cloud backups after researchers warned users against synchronizing 2FA codes with their Google accounts.
- Lawrence Abrams
- April 26, 2023
- 05:11 PM
- 4
Google Authenticator now backs up your 2FA codes to the cloud

The Google Authenticator app has received a critical update for Android and iOS that allows users to back up their two-factor authentication one-time passwords (OTPs) to their Google Accounts and have multi-device support.
- Bill Toulas
- April 25, 2023
- 10:39 AM
- 5
GitHub makes 2FA mandatory next week for active developers

GitHub will start requiring active developers to enable two-factor authentication (2FA) on their accounts beginning next week, on March 13.
- Sergiu Gatlan
- March 09, 2023
- 12:00 PM
- 0
Apple iOS 16.3 arrives with support for hardware security keys

Apple released iOS 16.3 today with long-awaited support for hardware security keys to provide extra protection against phishing attacks and unauthorized access to your devices.
- Lawrence Abrams
- January 23, 2023
- 05:56 PM
- 0
CircleCI's hack caused by malware stealing engineer's 2FA-backed session

Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that stole the employee's 2FA-backed SSO session, allowing access to the company's internal systems.
- Lawrence Abrams
- January 14, 2023
- 05:28 PM
- 0
Comcast Xfinity accounts hacked in widespread 2FA bypass attacks

Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges.
- Lawrence Abrams
- December 22, 2022
- 02:32 PM
- 15
GitHub to require all users to enable 2FA by the end of 2023

GitHub will require all users who contribute code on the platform to enable two-factor authentication (2FA) as an additional protection measure on their accounts by the end of 2023.
- Bill Toulas
- December 15, 2022
- 03:16 PM
- 4
Attackers bypass Coinbase and MetaMask 2FA via TeamViewer, fake support chat

A crypto-stealing phishing campaign is underway to bypass multi-factor authentication and gain access to accounts on Coinbase, MetaMask, Crypto.com, and KuCoin and steal cryptocurrency.
- Bill Toulas
- November 21, 2022
- 05:16 PM
- 2
Hackers stealing GitHub accounts using fake CircleCI notifications

GitHub is warning of an ongoing phishing campaign that started on September 16 and is targeting its users with emails that impersonate the CircleCI continuous integration and delivery platform.
- Bill Toulas
- September 22, 2022
- 09:40 AM
- 0
Okta one-time MFA passcodes exposed in Twilio cyberattack

The threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS to from customers of Okta identity and access management company.
- Ionut Ilascu
- August 28, 2022
- 01:15 PM
- 0
Twilio breach let hackers gain access to Authy 2FA accounts

Twilio's investigation into the attack on August 4 reveals that hackers gained access to some Authy user accounts and registered unauthorized devices.
- Ionut Ilascu
- August 26, 2022
- 12:20 PM
- 3
Twilio hackers hit over 130 orgs in massive Okta phishing attack

Threat analysts have discovered the phishing kit responsible for thousands of attacks against 136 high-profile organizations that have compromised 9,931 accounts.
- Bill Toulas
- August 25, 2022
- 10:53 AM
- 0