Free VPN App Investigation
https://www.top10vpn.com/free-vpn-app-investigation/
Over half of the most popular free VPN apps are run by secretive companies with hidden Chinese ownership. Very few do enough to earn the trust of the privacy-conscious.
kryptering
Facebook won’t let you opt out of its phone number ‘look up’ setting - TechCrunch
https://techcrunch.com/2019/03/03/facebook-phone-number-look-up/
Users are complaining that the phone number Facebook hassled them to use to secure their account with two-factor authentication has also been associated with their user profile — which anyone can use to “look up” their profile.
Worse, Facebook doesn’t give you an option to opt-out.
W3C approves WebAuthn as the web standard for password-free logins
The specification lets users log into online accounts using biometrics, mobile devices, and/or FIDO security keys.
Facebook Allows Users to Look Up Others With Their Two-Factor Authentication Phone Number, With No Opt-Out — Pixel Envy
Automated phishing attack tool bypasses 2FA protection
https://www.grahamcluley.com/automated-phishing-attack-tool-bypasses-2fa-protection/
but don’t let Modlishka make you give up on 2FA just yet…
Fortnite security issue would have granted hackers access to accounts - ZDNet
https://www.zdnet.com/article/fortnite-security-issue-would-have-granted-hackers-access-to-accounts/
Check Point recommends that Fortnite players enable two-factor authentication (2FA) for their accounts.
Australia passes sweeping anti-encryption bill giving police power to implant malware and insert backdoors, despite opposition from experts, tech companies - TechCrunch
Major SMS security lapse is a reminder to use authenticator apps instead - The Verge
anyone could have monitored a near-real-time data stream to find the relevant two-factor authentication code sent after trying to log into someone else’s account.
Introducing 1Password for Democracy
https://blog.1password.com/introducing-1password-for-democracy/
Whether you’re running for office, ensuring elections run fairly, or protecting people’s rights, we’d like to offer you a completely free 1Password account to thank you for the essential work you do for society.
Reddit Breach Highlights Limits of SMS-Based Authentication — Krebs on Security
https://krebsonsecurity.com/2018/08/reddit-breach-highlights-limits-of-sms-based-authentication/
Of particular note is that although the Reddit employee accounts tied to the breach were protected by SMS-based two-factor authentication, the intruder(s) managed to intercept that second factor.