Google has released a fully open-source two-factor authentication (2FA) security key implementation called OpenSK

"Written in Rust, OpenSK supports both FIDO2 and FIDO U2F standards, and promises to allow security key manufacturers, researchers, and anyone else interested in better security for online accounts to make their own security keys with innovative features, just by flashing a firmware on a Nordic chip dongle.

Under the hood, OpenSK runs on TockOS, an embedded operating system that provides the isolation needed between the security key applet, kernel, and drivers to create defense in depth..."

While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why.

"In the ever-escalating arms race between attackers and defenders, the latest defense to crumble under fire is two-factor authentication (2FA). Hackers have become increasingly successful in using social engineering techniques that defeat 2FA and let them take control of victim accounts.

Many of these attacks, however, including account takeover using SIM-jacked phone numbers, can be thwarted by restructuring part of the authentication process, using a minor modification to existing methods..."

What is TOTP MFA?
Security Boulevard, February 7th, 2020
Organizations concerned about identity security need to make multi-factor authentication (MFA) a standard practice for their users

"MFA is one of the most effective security methods for blocking unauthorized account takeovers. There are several types of MFA, but before we talk about TOTP MFA specifically, let's talk about MFA in general and why it's so effective at securing user accounts.

What is MFA?

MFA (also called two-factor authentication or 2FA) is the practice of requiring additional authentication factors beyond the standard username-password combination most authentication mechanisms require. If that credential combo is compromised for any reason, MFA acts as the final barrier between an attacker and their prize: the critical data housed within an organization's network. Since compromised credentials are the leading source of breaches, an additional layer of security through MFA works wonders. In fact, Symantec found that 80% of recent breaches could have been prevented with the addition of MFA..."

This should be the year when you finally stop procrastinating on installing a password manager

"While following good account practices such as using strong passwords, taking advantage of a password manager to create complex and unique passwords for different accounts, and avoiding the use of dictionary passwords, ensures your account security to a greater extent, there are instances when even accounts with strong passwords pose a risk of account compromise.

For such instances, having another layer of security on your account (say, Two-Factor Authentication), in addition to a strong password, further ensures that your account is less susceptible to attacks. So, to help you do that, here's a guide on how to enable Two-Factor Authentication across different social platforms like Facebook, Instagram, and Twitter..."
