Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Microsoft now enforces MFA on Azure Portal sign-ins for all tenants

Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. The company's Azure MFA enforcement efforts were announced in May 2024 when Redmond began implementing mandatory MFA for all users signing into Azure to administer resources. One year ago, in August 2024, Microsoft also warned Entra global admins to enable MFA for their tenants by October 15, 2024, to ensure users don't lose access to admin portals. After comple

I'm ditching passwords for passkeys for one reason - and it's not what you think

ZDNET's key takeaways: Adoption of passkeys is fragmented across sites and devices. Users still need passwords for recovery and new device setup. Phishing protection makes passkeys worth adding, despite confusion. OK. Fine. I've finally decided to embrace passkeys. But why does it feel so icky? As you probably know, passkeys are the tech industry's answer to The Password Problem. Unlike password data, which

Amazon disrupts Russian APT29 hackers targeting Microsoft 365

Researchers have disrupted an operation attributed to the Russian state-sponsored threat group Midnight Blizzard, which sought access to Microsoft 365 accounts and data. Also known as APT29, the hacker group compromised websites in a watering hole campaign to redirect selected targets "to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code authentication flow." The Midnight Blizzard threat actor has been linked to Russia

De-Googling TOTP Authenticator Codes

1st Sep 2025. In the ongoing effort to extricate myself from Google's services, I've been paring down my usage of their apps on my (admittedly Android) phone. I'm now down to two Google apps I use regularly: Maps (for traffic data) and Authenticator (for TOTP [Time-based One Time Password] codes). Now, I spend most of my time in a terminal window on MacOS or connected to a Linux machine; it'd be nice if I could get TOTPs on the command-line, and it turns out there's a utilit

Google shares workarounds for auth failures on ChromeOS devices

Google is working to resolve authentication issues affecting some ChromeOS devices, which are preventing affected users from signing into their Clever and ClassLink accounts. As the company explains in a recently updated incident report on the Google Workspace Status Dashboard, these authentication failures impact devices running version 16328.55.0 with Chrome browser version 139.0.7258.137. These issues are disrupting Single Sign-On access to Clever and ClassLink educational partner platforms

New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking. These weaker login channels are vulnerable to adversary-in-the-middle phishing attacks that employ tools like Evilginx, enabling attackers to snatch valid session cookies and hijack the accounts. Although the attack doesn't prove a vulnerability in FIDO itself, it shows that the syste

Why I ditched Google Authenticator for Proton's new 2FA app - and how to set it up

ZDNET's key takeaways: The makers of Proton VPN have released a 2FA app. The app is available for all major platforms. Proton Authenticator is easy to use, elegant, and free. Unless you're using passkeys, two-factor authentication should be considered a must for security and privacy. If your primary access to the internet is your phone, you are probably using a tool like Authy or Google Authenticator. But what about when you're on the desktop? What do y

Scientists hid secret codes in light to combat video fakes

It's easier than ever to manipulate video footage to deceive the viewer and increasingly difficult for fact checkers to detect such manipulations. Cornell University scientists developed a new weapon in this ongoing arms race: software that codes a "watermark" into light fluctuations, which in turn can reveal when the footage has been tampered with. The researchers presented the breakthrough over the weekend at SIGGRAPH 2025 in Vancouver, British Columbia, and published a scientific paper in Jun

Zero-day flaws in authentication, identity, authorization in HashiCorp Vault

Introduction: when the trust model can’t be trusted Secrets vaults are the backbone of digital infrastructure. They store the credentials, tokens, and certificates that govern access to systems, services, APIs, and data. They’re not just a part of the trust model, they are the trust model. In other words, if your vault is compromised, your infrastructure is already lost. Driven by the understanding that vaults are high-value targets for attackers, our research team at Cyata set out to conduct

Cracking the Vault: How we found zero-day flaws in HashiCorp Vault

Introduction: when the trust model can’t be trusted Secrets vaults are the backbone of digital infrastructure. They store the credentials, tokens, and certificates that govern access to systems, services, APIs, and data. They’re not just a part of the trust model, they are the trust model. In other words, if your vault is compromised, your infrastructure is already lost. Driven by the understanding that vaults are high-value targets for attackers, our research team at Cyata set out to conduct

New Plague Linux malware stealthily maintains SSH access

A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. Nextron Systems security researchers, who identified the malware and dubbed it "Plague," describe it as a malicious Pluggable Authentication Module (PAM) that uses layered obfuscation techniques and environment tampering to avoid detection by traditional security tools. This malware features anti-debugging capabilities to

Microsoft Authenticator won't manage your passwords anymore - or most passkeys

For most of this year, Microsoft has been warning users that they will no longer be able to use its Authenticator mobile application for user ID and password management. As reported by CNET on July 29, 2025, "In June, the company stopped letting users add passwords to Authenticator…. And starting Aug. 1, you'll no longer be able to use saved passwords." To me, the dire warnings of this pend

Proton now offers a two-factor authentication app

Things have been busy for the privacy-first company, Proton. Just last week, they released the AI chatbot Lumo, and today, the company rolled out Proton Authenticator, its open-source and multiplatform 2FA app. What’s 2FA again? Two-factor authentication is a login method that adds an extra layer of security to further make sure that you are the legitimate owner of the account you’re trying to access. With 2FA activated, you’re usually asked for a code from a 2FA app after entering your passwo

Proton launches free and open-source Authenticator app to take on Google and Microsoft

What just happened? Swiss technology company Proton has expanded its privacy-focused software lineup with the launch of Proton Authenticator, a free and open-source two-factor authentication app. Best known for its encrypted webmail service, Proton also offers a VPN, password manager, cloud storage, and an online document editor. Proton Authenticator is positioned as a privacy-focused alternative to authentication apps from Google, Microsoft, Authy, and Duo. It replaces legacy SMS-based verific

Proton just dropped a 2FA app that does a few things others don’t

TL;DR: Proton Authenticator is a new free, open-source 2FA app for mobile and desktop. It supports encrypted multi-device sync, local-only storage, and easy import/export of 2FA tokens. The app works with or without a Proton account and avoids things like ads and trackers. Authenticator apps are a great way to help keep your accounts secure, but some of them come with annoying trade-offs. That could be ads, missing features, or making it hard to switch to anot

Proton launches free standalone cross-platform Authenticator app

Proton has launched Proton Authenticator, a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. 2FA authenticator apps are offline tools that generate time-based one-time passwords (TOTPs) that expire every 30 seconds, and which can be used alongside passwords when logging into online accounts, providing the second factor authentication. Proton is a Swiss technology company known for privacy-focused end-to-end encrypted services like Proton

Proton releases a new app for two-factor authentication

Privacy-focused productivity tool company Proton released a new authenticator app today, allowing users to log in to services using dynamically generated two-factor authentication codes. The free app is available on all platforms starting today, including iOS, Android, Windows, macOS, and Linux. The app allows users to sync codes and accounts across devices. The company said that just like its other products, Proton Authenticator is open source and uses end-to-end encryption to protect user dat

Microsoft Will Wipe Out Your Passwords on Aug. 1. What to Do Now

Microsoft is getting rid of passwords in less than two weeks. On Aug. 1, the Microsoft Authenticator app will no longer store or manage passwords, which could be a problem for a lot of users. Microsoft Authenticator has been one of the best password managers for years. You were able to save passwords, enable two-factor authentication and auto-fill. This change means that if you're using the Authenticator app as a password manager, you'll need to look for another option soon. At the same time,

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. The PoisonSeed threat actors are known to employ large-volume phishing attacks for financial fraud. In the past, they distributed emails containing crypto seed phrases used to drain cryptocurrency wallets. In the recent phishing attack observed by Expel, the PoisonSeed threat actors

Microsoft Will Erase Your Passwords in 2 Weeks: What to Do Now

Microsoft is axing passwords starting in August -- and if you use its Authenticator app, you'll want to be prepared. For years, Microsoft Authenticator has been a go-to for managing multifactor authentication and saved passwords. However, starting next month, it will no longer support passwords and will move to passkeys instead. That means your logins will soon rely more on things like PINs, fingerprint scans or facial recognition. Using a passkey can make your account safer, and it's a move I

UK ties GRU to stealthy Microsoft 365 credential-stealing malware

The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). The NCSC revealed in a detailed technical analysis of the Authentic Antics malware dated May 6th that it is stealing credentials and OAuth 2.0 tokens that allow access to a target's email account. The malware was observed in use in 2023 and runs inside the Outlook process and produ

Gmail's backup codes are useless to access account

Ok, I have a work account on Gmail. Having the experience of being locked out of Gmail previously (endless loop of "You are entering the correct password but we're not sure that it is you, try again later"), I created a 2fa via Google Authenticator and set up Backup Codes and thought I'm safe from them asking me to sign in on another device or enter sms code (I don't carry that phone with me). So, one sunny day I decided to add standard iOS mail app to this account, and lo, an hour after connec

Pull Interactions from POSSEd Content

I just introduced a new feature on the website! 🎉 As usual, whenever content is POSSEd (Publish (on your) Own Site, Syndicate Elsewhere), you will find links to the syndicated content at the bottom of the page. Now, you will also see a small link to “toggle the interaction crawler”. This will open (or hide) a small form, where you can select available (and supported) social media platforms to crawl for interaction counts. This is in line with what I was discussing a few weeks ago about webmen

Forget passwords often? Android may soon let you disable Failed Authentication Lock (APK teardown)

TL;DR: Android 15 and newer devices include a Failed Authentication Lock feature that locks the device screen after detecting multiple failed login attempts in apps or settings. Unlike other theft protection features, this feature is enabled by default on all devices, and there’s currently no way for users to turn it off. Google may soon add a new option to the theft protection settings that will allow users to turn off Failed Authentication Lock. In additio

Microsoft Plans to Purge Passwords — Here's How to Protect Yours

Microsoft is moving closer to a password-free future, and if you're still using the Authenticator app to manage logins, big changes are coming fast. Starting Aug. 1, the app will no longer support passwords at all. This shift has already been in motion: new password creation was disabled in June, and autofill support was cut off in July. For years, Microsoft Authenticator was a go-to for managing both multi-factor authentication and saved passwords. But now, it's being refocused to support passk

How passkeys work: Going passwordless with public key cryptography

For the last five years, the FIDO Alliance -- led by Apple, Microsoft, and Google (with other companies in tow) -- has been blazing a trail toward a future where passwords are no longer necessary in order to login to our favorite websites and apps. This so-called passwordless future is based on a new form of login credential known as the passkey, which itself is largely based on another technology -- public key cryptography -- that's been around for decades. Why t

How passkeys work: Let's start the passkey registration process

Previously on our passkey journey, I talked about the challenge of figuring out if a relying party -- typically, the operator of a website or app -- even offers the ability to sign in with a passkey instead of the more traditional and less secure username and password-based approach. Some of the biggest relying parties in the world -- including Apple, Google, and Microsoft -- support passkeys as a means of passwordless authentication. Together, these tech giants can int

The MFA You Trust Is Lying to You – and Here's How Attackers Exploit It

Still getting login codes via text or authenticator apps? You’re not alone—and that’s a big problem. What used to feel like a smart security layer is now one of the easiest ways for attackers to gain access to your accounts. First we were told to use SMS for MFA. Then we were told: “Don’t use SMS for MFA, use an authenticator app instead.” And while that may seem like a step forward, it’s still fundamentally flawed. Authenticator apps do improve over SMS by avoiding message interception, but t