Account Security Archives

Security of valuable and vulnerable online available business and user’s data should be the utmost priority for the organizations. Recently, Twitter announced the approval of leveraging third party applications to support two-factor authentication (2FA) in strengthening Twitter’s users account security. Twitter announcement to support third-party 2FA apps may be seen as a major update in terms of improving security for their users.

The microblogging site is being used by millions of users including celebrities, well-known personalities and many large & small organizations across the globe. With the increasing users, large amount of user data and associated sensitive information, Twitter much needed this major security update as SMS based 2FA was not reliable and trusted. Even personalities like John McAfee, founder of McAfee, are finding themselves miserable in getting their twitter account secured and protected using existing security.

What made Twitter to upgrade its 2FA security ?

Earlier, Twitter used to deliver two-factor authentication to verify logins via SMS code, getting received on user’s registered mobile number or on mobile app. However, this 2FA method was identified with the probability of getting breached by intercepting the text messages, owing to the weakness in SS7 cell phone network, and thus these messages could be easily exploited and compromised.

Further, SMS based authentication involves the risk of getting SMS (stored in mobile and not deleted) accessed by some unauthorized user by any mean to gain account access. But, with twitter’s recent security update, users can now leverage the third-party’s two-factor authentication solutions like Google Authenticator and REVE Secure, which not only allow users to receive unique security code (that automatically gets refreshed or deleted after few seconds) on their devices, but delivers other convenient yet secure options of getting themselves authenticated.

Twitter’s rollout plan of allowing and enabling third party 2fa solutions is likely to improve the security of their users. If you are still securing your twitter account using only password or existing SMS-based authentication or protecting any other web-applications using single-factor(password) authentication, then you need to move on to a better & guaranteed 2FA solution like REVE Secure, which guarantees fullest protection to your accounts in a simplest and most effective manner.

Penetration of internet in each & every corner of the world along with the availability of useful and productive web application and service is not less than a blessing for a mankind. However, this blessing may soon turn into bane, if the lone passwords are consistently considered for securing and protecting the web accounts. Web or online accounts are stored with user’s personal and confidential data & information. Passwords are no longer competent to secure and protect organization or user’s online account information and data.

Anonymous online database explored, with the repository of more than 560 million login credentials including email addresses and stolen passwords

Above given headlines are some of the frequent news, we often come across in our daily schedule. With the soaring incidents of cyber-attack, Passwords have consistently proven to be Achilles heel in securing and protecting online data & information.

On the account of vulnerabilities associated with the passwords in securing their user’s web accounts, most of the organizations have started plumping for multi-factor authentication, generally the two-factor authentication.

2FA – Remedy to overcome password vulnerabilities

Whether you set or configure a strong or a complex (alpha-numeric-symbol combination) password for your web application and services, it can be hacked or cracked in less or more time. As such, your online accounts, protected merely by password, are always at risk and prone to malicious attacks like intrusion and data theft.

So, instead of making passwords stronger or resetting them regularly, a second & a strong layer of authentication check may be added to existing password based security.

2FA does not evaluates the user’s credibility, solely based on “what a user knows”, but with the combination of “what a user knows” + “what does a user have”.

Password and Security Tokens

This ensures that even if an attacker or a malicious user somehow managed to bypass initial password based authentication, he/she needs to authenticate his/her identity in the second authentication check via security tokens.

Why two-factor authentication for web applications is an utmost requirement?

A website may contain great amount data & information, provided or fed by a user, while navigating & using the website or during financial/non-financial transactions, made on the website. This enormous pool of data is widely distributed and stored at client’s system (web browsers like Chrome, Mozilla Firefox, Internet Explore and many more) as well as on the servers. Any unauthorized or malicious user, with the help of stolen or hacked password may easily access your system or the servers, and put your all confidential and non-confidential data on stake.

Website & web applications are most prone to cyber-attacks as these can be easily accessed by any of the user, irrespective geographical location and time zone, and using multiple devices. Securing user’s information and data must be the top priority for any of the organization.

Two-factor authentication involves dual authentication check of login’s credibility to ensure access to web application and services by the authorized user only. 2FA encapsulates password based login as initial authentication check and thereafter, security tokens based secondary authentication check to grant access to user. This will filter out and restrict/block attackers and malicious users to access 2FA protected websites and web applications.

As such, 2FA may be seen as the most reliable and trusted measure to avert and block attacks that may result into data theft and compromises.

Will the implementation of 2FA, affect the website’s performance?

Absolutely not. 2FA has nothing to do with the features, functionalities, memory usage and similar elements. 2FA will just be giving an additional & external protection to your website’s user accounts through security token based authentication.

Moreover, most of the organizations possess negative perception that implementing 2FA protection will cut down the number of users to their website, as their users may find it difficult & complex to authenticate themselves for getting access. User will hate this and many other misconceptions. This negative perception needs to be corrected.

IT Giants like Google, Apple, Yahoo, Facebook, Microsoft, Amazon, Instagram & many more are successfully leveraging the 2FA to secure the accounts of their large pool of users.

There are quite a good number of two-factor authentication solutions available in the market like REVE Secure that enumerates multiple and flexible options for the users to authenticate themselves, in a much easy and convenient manner.

Software tokens via OTPs received on mobile.
Hardware tokens via security code received on physical devices like Yubico.
Push authentication.

Further, 2FA solutions like REVE Secure deliver intuitive designing along with the excellent user-interfaces to ensure greater user-experience.

Visit 2FA for Web Apps for more information.

Overall, it is pertinent to mention here that 2FA should be seen as an indispensable part of a website or a web application to secure and protect user’s login and access in order to build and establish trust and confidence of user in accessing and using your website or web applications.

2FA for Web applications-infograhic

Tag: Account Security

Twitter to support third-party 2FA apps

What made Twitter to upgrade its 2FA security ?

Two Factor Authentication for Web Apps

Software tokens via OTPs received on mobile.

Hardware tokens via security code received on physical devices like Yubico.

Push authentication.