OpenSSH has added support for hardware security keys that implement the U2F standard.
A proposal that would standardize the format of SMS messages being used in two-factor authentication schemes has a simple goal: make users relying on those one-time passcodes less susceptible to phishing attacks.
Mozilla will soon require add-on developers to enable 2FA for their accounts in an effort to defeat supply chain attacks.
A researcher found that some AWS authentication cookies remain valid for up to 12 hours even after a user has changed the password and logged out.
New Google research on account takeovers found that basic account hygiene can defeat the vast majority of attacks.