Skip to content

Where Cybersecurity and Privacy Meet Society

About us
Copyright Policy
Privacy Notice

Search for:

Join or Write for CyberPrivacy

We respect your privacy. We will never share your information.

Email Address:

Follow CyberPrivacy on WordPress.com

Knowledge base

Marília Wyatt: A Farewell Letter to Readers November 24, 2019
Reddit Urges Users To Switch To Token-Based Authentication August 1, 2018
AI Tool Makes It Easier for Users to Grasp Privacy Policies July 9, 2018
Thousands of Apps for Kids Insecurely Transmit Data, Report Says June 4, 2018
Political Scientists Examine Cyberattacks Implications On Human Psyche September 20, 2017
A Brief History of Information Privacy Law February 10, 2017
New Research Reveals Top Five Impediments to Cybersecurity Framework Implementation January 5, 2017
The Evolution of Politically Motivated Distributed Denial of Service Attacks January 5, 2016
“Privacy”, The Stanford Encyclopedia of Philosophy August 9, 2013

Blogroll

A Cypherpunk's Manifesto
Addressing The Deficit in Cybersecurity Workforce & National Policy
Advice from a Hacker on Picking a Good Password
Biased Algorithms Are Everywhere, and No One Seems to Care
China’s Ministry of State Security Likely Influences National Network Vulnerability Publications
Choosing The Perfect Computer
CIO Quick Takes: What You Need to Know about Women in Tech
Cisco Turns To The Education Sector For Cybersecurity Experts
Cobalt VP Caroline Wong To Women Considering Cybersecurity: 'Do It'
Computers at Risk: Safe Computing in the Information Age
Cyber Attack Survival Guide
Cyber-Attacks Take Aim at Universities Across US
Cybercrime/Hacker Terminology
Cybersecurity Dictionary
Cybersecurity for Critical Energy Infrastructure
CyberWar Threat
Cyphernomicon
Educational Software Rings in Big Bucks at Expense of Students
Following Student Suicides, Administrators Balance Privacy and Transparency
Girl Scouts Can Now Seek Cybersecurity Badges
Hackers, By Steven Levy, Examines History & Culture of Early Computing
Have You Looked at Your Cybersecurity Strategy Lately?
How Does a Data Breach Happen?
How to Become a Full-Blown Privacy Fanatic With Purism's Librem Laptop
How to Set Up and Use a VPN
How to Turn Every Employee into a Cybersecurity Expert
Improving Cybersecurity Governance In The Boardroom
It’s Creepy, But Not Illegal, For This Website To Provide All Your Public Info To Anyone
List of Data Brokers and Opt Out Info
Malware Hunter: New Service From Search Engine Shodan Finds Malware Servers
Pearson: No Profits Left Behind Even When Results Don’t Measure Up
Petya 2017 Was A Wiper Not A Ransomware
Phishing with Unicode Domains
Politics Intrude as Cybersecurity Firms Hunt Foreign Spies
Privacy in the Information Age Is Not a Lost Cause
Request for Confidentiality of Your Rutgers' Student Directory Information
Risk-Based Approaches to Cybersecurity
Senators Offer Bill To Boost Security Of Internet-Connected Devices
Smart Farming May Increase Cyber Targeting Against US Food and Agriculture Sector
Smart TVs Are Spying On You Through Your Phone
Supreme Court: Hacking Conviction Stands for Man Who Didn’t Hack Computer
Tactical Cybersecurity Checklist
The Bootlegger, the Wiretap, and the Beginning of Privacy
The Brutal Fight to Mine Your Data and Sell It to Your Boss
The Digital Vigilantes Who Hack Back
The Drone as Privacy Catalyst
The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!
Think Like a Hacker, Defend Like a Ninja
Trump Budget Includes Big Money For Cybersecurity
UN Finds Cybersecurity Is A Struggle Worldwide
Understanding The Dark Web & How it Factors Into Cybersecurity
Universities like Rutgers are Frequent Targets for Cyber-Attacks
Untangling the Tangled Web of Cybersecurity Disclosure Requirements: A Practical Guide
Use This Tool to Check if You have Been Pwned
What Is A Fileless Attack? How Attackers Invade Systems Without Installing Software
Why Algorithmic Transparency is Important
Why Privacy Matters Even if You Have 'Nothing to Hide'
Why VPN adoption Will How & How It’ll Keep Pace with Demand

Archives

Archives

Reddit Urges Users To Switch To Token-Based Authentication

Posted on August 1, 2018November 15, 2018 by Marília Wyatt

The CyberPrivacy Brief:

The security incident disclosed Wednesday by social media network Reddit verifies how attackers can intercept text messages or SMS-based two-factor authentication that delivers unique code to compromise accounts.
Impacted user data includes email addresses and a 2007 database backup that had old salted and hashed passwords.
Attackers also had read access to storage systems, including Reddit source code, internal logs, configuration files and other employee workspace files.

“We learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept,” Reddit said in its announcement. “We point this out to encourage everyone here to move to token-based [two-factor authentication].”

For years, security researchers have said that phone authentication apps or hardware tokens that generate One-Time Password (OTP) in addition to the traditional credentials may be the more secure method of authentication than SMS-based authentication, which can be highjacked providing attackers access to accounts.

Further Reading:

Side-Channel Attacks on the Yubikey 2 One-Time Password Generator

Share this:

LinkedIn
Reddit
Facebook
Pinterest
Twitter
Email

Like this:

Like Loading...

Categories: authentication, Privacy, Security

Please leave us a comment Cancel reply

Enter your comment here...

Please log in using one of these methods to post your comment:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

Notify me of new comments via email.

Notify me of new posts via email.

Δ

Post navigation

PreviousAI Tool Makes It Easier for Users to Grasp Privacy Policies

NextMarília Wyatt: A Farewell Letter to Readers

Follow Following
- CyberPrivacy
- Already have a WordPress.com account? Log in now.

%d bloggers like this: