Good news ! Hackbusters community is waiting for you !
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at:

Google slides text message 2FA a little closer to the door


Text messages aren't a great way to implement two-factor authentication, but it's a technique that's stubbornly persistent. Now Google has decided to push things along by pushing its alternative into production.

The Chocolate Factory's alternative is called "Google Prompt". Instead of sending users a one-time code in a text message, it asks users if they are trying to sign in. If they are, in they go. If they're not expecting the login prompt, down come the shutters.

Prompt first landed as a trial back in July, replacing 2FA with an app. As the company explained here, TXT-based 2FA is susceptible to phishing, so a prompt improves security.

Infosec bods have long warned that 2FA-by-text was insecure. Last year, NIST said it should be deprecated, and the problems were made manifest in May when attackers started exploiting Signalling System 7 (SS7) vulnerabilities to steal 2FA-protected logins.

Last month, Positive Technologies named gmail as one service still vulnerable to...(continued)

View All Trending Stories