The flaw in Microsoft's Active Directory Federation Services lets an attacker use the same second factor to bypass multi-factor authentication for any account running on the same service. Microsoft has patched the flaw.
Reddit had two-factor authentication enabled on the employee accounts that was breached. The SMS-based method is susceptible to attacks, and Reddit learned that the hard way.
Two-factor authentication is a vital part of many corporate security strategies, and is now offered by lots of consumer apps, as well. We wanted to see how much users know about it, so we asked one.
Twitter now supports the use of hardware security keys for two-factor authentication, a much stronger option for users.
Facebook has changed the way people can use two-factor authentication to protect their accounts, adding authenticator apps.