Blog Feed

How to Protect Your Privacy on Facebook

Posted by on 11:36 in Engineering, R&D | 0 comments

Personal privacy protection has become a popular topic in the last few months, largely because of the EU General Data Protection Regulation (GDPR), which took effect in May 2018, and the Cambridge Analytica fiasco. Facebook reacted almost immediately and provided tools for protecting and viewing your personal information. In this article, we will talk about what information Facebook collects about you, why that is dangerous, and how to protect your privacy on Facebook so that you do not become a victim of the next “Cambridge Analytica scandal”, or of doxing, phishing, social engineering, and so on.

To make the article easier to navigate, here is a list of the issues we are going to cover:

What Does Facebook Know About You
Cambridge Analytica Scandal Explained
How to Protect Your Data From Similar Future Misuse
How To Make Your Facebook Profile Private
General Privacy Settings
Facebook Photo Privacy Settings
Facebook Apps Privacy Settings
Facebook Posts Privacy Settings
Facebook Friends Privacy Settings
Advanced Privacy Settings
How To Delete Your Facebook Account

What Does Facebook Know About You?

We could simply say “everything”, but it’s not that simple. The information stored on Facebook depends strictly on you and the access you have granted on your devices. Since most of us don’t always pay attention to what we let devices or apps do, if you are an active user, you are likely to be shocked by the amount and detail of the data Facebook holds about you. We’ll go into the types of this info and give you some tips on how to protect your privacy on Facebook. But first, here are the instructions for downloading the information Facebook has about you.

How to get your data

Log into your Facebook account and click on the down arrow in the upper right corner.
From the drop-down list choose “Settings”.
There you will see a message asking you to proceed to “Your Facebook information”. You can also find this option on the left side of the panel.
From the “Your Facebook information” page you can view and download your full history.

If you opt for downloading, it might take some time. The exact time will depend on how long you have been using the network, how active you were, and what kind of information you uploaded. The data will be provided to you in the form of a password-protected zip file. On the download page, you can choose to download all data or just a certain period. You can also choose the types of information you want to obtain. The file can be downloaded in HTML or JSON format. The JSON format is useful if you want to import the received info somewhere else. Once generated, the file will be available for download on the same page under the “Available Files” tab for four days.

Read also: Doxing. What Is It? How to Dox? How to Protect Yourself from Doxing?

Types of Personal Information Stored on Facebook

The index.html file in the root of the folder opens the archive in your browser. That will allow you to navigate through everything as you would any webpage. On this webpage, you’ll find out that Facebook knows your username, real name,...

Man In The Middle Attack Prevention And Detection

Posted by on 16:03 in Engineering, R&D | 2 comments

In an age of dependence on modern technology, cybersecurity issues deserve more attention than ever before. We leave a huge trace of our personal identity online, not to mention the enormous digital trail we leave on social networks when posting photos with geolocation, reposting news and thoughts we consider important, and commenting on everything we have an opinion about. We also use online banking for almost all our payments, and we use e-governance services to avoid facing bureaucracy in person. Remember, every byte of such sensitive data can be stolen and used against you. You can lose all your money, and even more than that, if you become a victim of a hacker attack. One of the most dangerous and inconspicuous hacking techniques is the man in the middle attack. If it happens when you transmit sensitive data to your bank or, for example, the tax office, you won’t even realize that something is wrong, while the attacker steals your login credentials and any other info he/she needs to hack you.

In this article, we’ll explain:

what a man in the middle attack is
how MITM attacks are performed
how to protect your company from a MITM attack
how to protect yourself as an average user from man in the middle attacks

So, let’s begin!

What Is Man In The Middle Attack?

Before we start digging into how to stop a man in the middle attack, we should be on the same page regarding what it is. A man in the middle attack is the digital equivalent of eavesdropping. It may occur when a device transmits data to a server or website. For instance, it may be a user’s smartphone sending its location to the server of an installed app, or a computer sending login credentials to a bank server. The attacker can intercept the data being exchanged. If the connection is not secure, the attacker won’t even have to decrypt the data. After the data is captured, the original data is usually sent on to the destination server, though in some cases the attacker can modify the information, depending on his/her purpose.

Man In The Middle Attack Explained

So, now let’s explain the man in the middle attack in detail. You could easily have found yourself under a man in the middle attack before you even had your first computer. The thing is that there can be a man in the middle of any channel used for data exchange. For instance, unbeknownst to you, the mailman could take all the letters that you wrote, open the envelopes, read them, reseal them so that it is impossible to see that someone opened them, and send them on to the addressee. If you think “oh, I wouldn’t mind anyone knowing what I write in my letters”, think twice. What if you sent some legal papers? Or business plans? If we return to our present Internet age, think again: what data do you send to servers? It could be anything from exchanging funny memes to approving transactions via online banking systems. In the online world, a man in the middle cyber attack works in the same way. For instance, let’s imagine you connect...

Cybersecurity vs. Information Security

Posted by on 18:18 in Engineering, R&D | 0 comments

Currently, a large number of similar terms are used in the field of international information security, sometimes without any generally recognized definition. The most heated debates on global markets in the field of international information security (IIS) focus on the interpretation of the terms «cybersecurity» and «information security» and the related semantic nuances. Telling the difference between terms like «cybersecurity» and «information security» is quite relevant, because nowadays many banking regulatory agencies require banks to implement their own cybersecurity systems and IIS security policies. Therefore, it is necessary to know what these definitions are, which side the threat can come from, and how it can be prevented. So, what is the difference between these two terms?

Information security (sometimes shortened to InfoSec) is usually understood as the protection of the information of the whole company from deliberate or accidental actions that lead to damage to its owners or users. First of all, information security is aimed at risk prevention. Most often, financial documents and the logins and passwords for entering an organization’s network are stolen from companies. This happened in July 2017, when the largest personal data loss occurred at the Equifax credit history bureau in the US. The attacker got the personal information of more than 143 million consumers and 209,000 credit card numbers. On September 8, 2017, the shares of the bureau fell by 13%.

When creating an information security program, special attention should be paid to the management structure you apply. InfoSec experts use the CIA triad (an abbreviation of its three components) as a guide for developing policies and procedures for an efficient information security program. The triad components are as follows:

Confidentiality: The primary objective is limiting access to information. An account routing number used while banking online is one example. Data encryption is a common method of providing confidentiality. IDs and passwords are the typical procedure; two-factor authentication is becoming the standard. Biometric authentication and hardware and software security tokens are also popular options.

Integrity: This means maintaining the consistency, accuracy, and reliability of data throughout its life cycle. Data should not change in transit, and all measures are aimed at guaranteeing that data won’t be changed by unauthorized people.

Availability: Authorized users should have easy access to the necessary information when they need it, and all software and hardware should be adequately maintained and regularly updated.

Read also: General Data Protection Regulation Summary

The CIA triad serves as a model for securing your organization. Its three constituent elements present a strong set of safety controls for storing and protecting your data.

Current kinds of information security threats:

The first and most common cause is employee carelessness and negligence. In 2010, an iPhone 4 prototype was left in a pub by one of Apple’s employees, Gray Powell. There were still several months before the official presentation of the gadget, but one student found it and sold it for $5,000 to Gizmodo journalists, who in turn published an exclusive review of the new device.

Using pirated software. According to Microsoft research, 7% of the unlicensed programs studied contained special software for stealing passwords and personal data.

DDoS-attacks (Distributed-Denial-of-Service). Usually, these attacks are...

Phishing, Vishing, Smishing, Pharming – What Is the Difference

Posted by on 19:02 in Engineering, R&D | 0 comments

The Internet has become an integral part of our lives. The network offers many incredible opportunities such as communication, shopping, paying bills, and various kinds of entertainment. But unfortunately, not everyone always uses the Internet for the good of society. Due to the rapid development of numerous resources, many types of fraud have arisen that aim to obtain confidential data and use it for personal profit. The main ones are phishing, vishing, smishing, and pharming. However, to protect your personal data on the internet it’s enough to follow elementary data protection rules and to know how to recognize the common threats and how to combat them. And this is exactly what will be discussed in this article.

Phishing

Phishing is currently one of the most commonly used methods of Internet fraud. It is a way of obtaining secret information in which an attacker uses well-known social engineering methods to make users disclose their personal data themselves. This can be the number and code of a bank card, a phone number, or the login, password, and email address for certain services. Phishing is mainly used to get access to users’ online banking accounts or e-wallets, with the further possibility of withdrawing funds to the fraudster’s account.

So how does phishing work? A user gets a phishing message in his mailbox that, first of all, plays on his emotions. For example, this can be a notification about a big win or, on the contrary, a notification that the account has been hacked, followed by a suggestion to follow a phishing link and enter the authorization data. The user goes to the provided resource and ‘gives away’ his login and password to the fraudster, who, for his part, quickly makes use of the information received.

There are several specific examples of Internet phishing:

Attackers send out millions of messages on behalf of a well-known company to various email addresses with a request to confirm a login and password. When you click the provided URL, you see an authorization page that is absolutely identical to the page on the original resource. The trick, most likely, is hidden in the link to the site. The domain will be very similar to the real one but differ in several symbols. Similar phishing messages can also be found on different social networks.

Phishers can use shortcomings in the SMTP protocol to send emails with a fake “Mail From:” line. Responding to such a letter, the user sends the answer directly to the offender.

It is also necessary to be cautious when participating in online auctions and sales, since goods offered for sale, even through a legitimate resource, can be paid for through a third-party fraudulent website.

Many users encounter fictitious Internet organizations that request donations.

Online shops with extremely low prices for branded goods can also be fake. As a result, there is a chance of paying for a product that will never be received since it never existed.

Read also: Top 7 Tips How to Protect Yourself from Phishing Scams

Vishing

Vishing (voice + phishing) is another variety of phishing that also uses social engineering methods, but with the help of a phone call. This is how attackers, let’s call them “vishers”, usually act:

The user receives a phone call,...

How to Protect Your Business Against Cyber Crime

Posted by on 18:18 in Engineering, R&D | 0 comments

Is your business underestimating the impact of a potential cyber security breach? Even though cyber crime is estimated to cost businesses billions a year, a number of companies don’t understand how they could be under threat. Not sure where to start? Here’s how to protect your business against cyber crime.

Understand What You’re Up Against

Before taking any other action, work out how secure your business is currently. With a cyber security audit you’ll get a clear idea of where your business is right now, while identifying any potential threats. An audit should take both external and internal threats into account. For example, an employee who uses an infected home device at work can cause just as much harm as hackers. You should also back up data often to protect against the damage a cyber attack would cause. Installing anti-malware software is also an essential step to guard against cyber threats.

From cookie theft to key logging, the list of potential threats can seem endless. It pays to keep updated and aware of all the risks. You should also be aware of new variants of old scams which might surface. An example of an old scam that remains a threat today is phishing, which comes in many forms and can be very deceptive. The world of cyber crime is constantly evolving, which makes it hard to keep track of. But by doing your due diligence and keeping up to date with the latest recommended practice you give your business the best chance of being protected.

Implement a Cyber Security Plan

After your risk assessment is mapped out, it’s time to put a strategic plan together. The first step is to implement a risk management policy and ensure you’ve informed all employees of the changes. Everyone associated with your organisation, including suppliers and contractors, needs to be compliant with your security plan. Anyone who isn’t should be classed as a security risk! Extra attention should be given to reviewing password policy. Ideally, all devices should use 2-factor authentication wherever possible. You should continue to monitor and test your security controls after your plan has been implemented. If you’re aware of any abnormal activity within your business, you need to take action against it before it’s too late.

Use Security Solutions

In the dark about the steps needed to protect your business? Fortunately there are a number of schemes and solutions out there to help you. In the UK there’s a government-backed Cyber Essentials scheme which protects against up to 80% of all potential cyber attacks. Alternatively, by enrolling in GCHQ Certified Training you can get an in-depth understanding of cyber security and the process of protecting your company. These schemes cover a variety of bases, including:

Ensuring your internet connection is secure.
Safeguarding devices.
Restricting access to your data.
Providing virus protection.
Reducing the threat of hacking.

Therefore, while it’s essential to have your own cyber security plan in place, using existing schemes can ensure your business is as secure as possible.

Be Prepared to Be Hacked

Prepare for all eventualities! By preparing for a cyber attack you’ll have a much better chance of dealing with it effectively. Unfortunately, every business is a potential victim of cyber crime. Having a plan in place to deal with an attack...

Doxing. What Is It? How to Dox? How to Protect Yourself from Doxing?

Posted by on 11:37 in Engineering, R&D | 0 comments

Being so used to living their lives on the internet, people usually don’t consider the after-effects of sharing their most intimate and private details. Who thinks of the danger in posting good old granny’s apple pie recipe, kids’ photos from the graduation show, or geotags from a vacation trip? Nobody does, until the doxers step forward to invade your privacy.

What is doxing?

Doxing definition

The most common definition of doxing (or doxxing) is “a practice of searching and broadcasting of private authentic information about specific person or organization against their will, based on the internet technologies, evil-minded as a general rule”. In some sources doxing is also described as a powerful cyber-weapon with an incredible range that points its virtual guns at far-off targets.

Origin of the term

There are two theories about the origin of this term:

The word dox originates from “dropping dox”, hacker community slang for gathering a dossier for the purpose of revenge. One of the first official mentions of the term was in 2003, when ransomware (doxware) appeared that blocked personal data and followed up with extortion.
The word doxing simply derives from the slang form of documents/docs.

Who can become the victim?

Consider that the information is gathered not only from public sources such as social media accounts, comments, and online chats. And it won’t be only you (the person who let the information slip) but also your friends, relatives, and other possible contacts who will be perused and doxed. Not to mention the fact that doxing tools can involve some hacking techniques, with doxing through the IP or sniffing… We come to a deplorable conclusion: in actual fact, ANYONE can become a doxing victim.

In 2017 a group of scientists from NYU and the University of Illinois presented a report about doxing at the ACM Internet Measurement Conference, London. They found that most doxes include highly identifying information about the victims and their family members, such as their full legal names, phone numbers, real postal and IP addresses, online social networking accounts, and so on. The data they presented are embarrassing and shocking. Even though the average target was an American male gamer in his 20s, it is absolutely clear that everybody is involved.

Read also: Top 7 Tips How to Protect Yourself from Phishing Scams

Is doxing illegal?

This is a difficult question to discuss, as all law-related points tend to be ambiguous. If the information was found in a public open source and republished without significant harm, it is usually not considered to be cognizable by the court. When someone is doxed with the intention of further harassment, and the dox attack results in pain, suffering, and loss of amenity, or even in personal injury in some cases, it is considered illegal activity. However, the US lawyer, publicist, and activist Susan Basco holds the reasonable opinion that doxing is illegal in any case, whether it is exercised against public employees or ordinary nationals. The United States has federal laws protecting public officers from deliberate doxing. At the same time, any dox attack on an ordinary person might be treated as harassment, cyberstalking, threats, etc., depending on the specific state legislation. There were attempts of misinformation actions, convincing doxing is...

Data Protection in Universities under GDPR

Posted by on 18:54 in Engineering, R&D | 0 comments

Educational institutions and their data protection departments handle and process a huge volume of personal data. Confidential information about employees, students, and applicants is often stored in databases with an extremely low level of data protection. Most institutions pay too little attention to the potential dangers of a data breach. Along with that, the budgets for data protection in universities leave much to be desired. Unfortunately, an effective approach to data management and security is a rare find among educational establishments. Attention is mainly paid to the things that are more obvious but less risky.

According to the Breach Level Index Report, in 2015 nearly 100 breaches were recorded in education. This number is stunning if you take into account that the total number of breaches that year was around 970. More than 10% of all breaches occurred in universities. It’s time to remember that in the digital era, information plays a vital role. It is at the core of our entire lives, and a lack of data protection has the potential to damage businesses and industries or even destroy human lives. Indifference to data breach issues is inevitably becoming obsolete. And when the General Data Protection Regulation (GDPR) enters into force, this issue will be ignored no more.

“We’re all going to have to change how we think about data protection.” – Elizabeth Denham – UK Information Commissioner

Why Data Protection in Universities Matters?

Why is data protection in universities so important? It’s simple: the concentration of vital data in educational institutions is so high that a possible breach would definitely lead to reputation damage and the loss of a lot of money. The list of sensitive data in educational establishments can vary depending on their specialization, size, and functions. But, first of all, university data protection systems have to take care of these three crucial aspects:

Staff and students’ personal information. Names, addresses, emails, phone numbers, emergency contact details, dates of birth, academic qualifications, details of any disabilities and criminal convictions, etc.
Payments data. Information about transactions, payment recipients and senders, etc.
Scientific research data. Just think about it: how can intellectual leaders hold their positions if they lose important data and scientific results? These people should take care of mankind’s knowledge, not of potential fraud and cyber attacks.

University data security systems face the same issues and risks as any other organization. For example, the two most common sources of risk, both for universities and for any other organization, are poor passwords and downloading files from unsafe websites. Consequently, data protection rules in universities are similar to those of any other organization. There is the data protection act, which mainly regulates what personal data is and how to protect it. But there are also some specific, considerable weaknesses that attract hackers’ interest in educational institutions and need to be resolved as soon as possible. Here they are.

Read also: 10 Steps to Eliminate Digital Security Risks in Fintech Project

1. Inconsistent Regulation

There is no approved set of official rules to regulate university data protection. It should be mentioned that there are some particular regulations, like academic records regulation, PII regulation and PCI rules, or medical records regulation; additionally, national laws have an impact on university data protection guidelines. But these pieces of legislation are not put together...

General Data Protection Regulation Summary

Posted by on 15:54 in Engineering, R&D | 0 comments

May 25 will certainly be a key date in the history of the European Union. On this day, the new version of the General Data Protection Regulation (GDPR) will take full force. It expands the commitments of both Controllers and Processors regarding data privacy. According to the rules this document activates, all companies and organizations across the EU will have to enhance their transparency and accountability measures. To put it simply, unless they are ready to receive a fine of up to 20 million euros under the new General Data Protection Regulation, they will need to revise their security policies and launch new data protection measures to reduce the risk of a data breach.

As every business is unique and has its own system of protective measures, it is impossible to predict what you as an entrepreneur will have to do to be perfectly ready for EU GDPR compliance. However, in this article, we will tell you more about the principles of the General Data Protection Regulation 2018 and offer a short GDPR summary of changes so that you can understand what actions you should take.

10 facts your company needs to note about the GDPR

GDPR concerns you, anyway. The most crucial fact about the General Data Protection Regulation of 2018 is that it applies to all organizations across the world processing any data of the citizens of the European Union. It is actually the first regulation of the European Union that will extend its jurisdiction to non-affiliated countries. The authors of the new law believe that it will change the way personal information is dealt with in the whole world.

GDPR offers a new understanding of “personal data”. It has always been rather difficult to identify a piece of information as “private” or not. With the new regulations coming into force, the notion of personal data will broaden even more. For example, the GDPR changes extend its protection to location data and online markers (such as IP addresses and cookie files, as it takes into account the cloud-based nature of many modern organizations). Moreover, it identifies genetic and biometric data, such as gene sequences or fingerprints, as sensitive information.

Valid consent is more important than ever. According to the GDPR of May 2018, companies will have to ensure the conditions of their agreements are written in very clear and precise terms. What is more, the client’s inactivity will not mean consent by default. Organizations must explain what kinds of personal data they will collect and why. Without clear personal consent, it will be impossible to use this information.

Please welcome DPO – Data Protection Officer. In accordance with the European data privacy regulation, a new position of authority called Data Protection Officer should be created in companies to deal with personal data. The GDPR principles aren’t based on the number of the company’s employees working with personal information, as was widely accepted before. They concentrate on the processes of data usage instead. For that reason, specific specialists should be assigned to control them.

Data Protection Impact Assessments. The General Data Protection Regulation text also introduces obligatory PIAs (privacy impact assessments) that can indicate the risks of collecting and processing sensitive data. PIAs will be required in situations...

Strong Customer Authentication According To PSD2: Summary & Checklist

Posted by on 16:03 in Engineering, R&D | 0 comments

The changes that are guaranteed to transform the EU financial market have finally arrived. On January 13, 2018, the second Payment Services Directive (commonly known as PSD2) came into force in the European Union. In this article, we’ve gathered all the information on PSD2 security and strong customer authentication requirements to help existing and future companies get ready for these changes. So let’s get started with our comprehensive PSD2 summary!

Note: in case you are afraid of getting lost in all the abbreviations and legal terms, check out our glossary for PSD2 in the knowledge base at the bottom and download PSD2 security requirements checklist here.

How PSD2 Regulation Impacts Fintech

PSD2 is going to influence every bank, consumer, and fintech company based within the EU’s borders or even outside the EU (if they make transactions with banks, companies, or consumers that are located in the EU). Thus, if one party that takes part in a transaction is located in the EU, the transaction falls under PSD2 requirements.

Before diving into the impact of PSD2 on the fintech industry, we need to be on the same page regarding the directive’s objectives. We can distinguish three main PSD2 objectives pursued by establishing a single standardized payments system:

enforce equal opportunities to succeed in the market for all payment service providers;
make the payments system more transparent and more secure against fraud;
stimulate the implementation of innovative fintech solutions.

Online payment will continue to play an ever-growing and significant role in the development of e-commerce as well as the stimulation of consumer demand.
Lucy Peng, CEO, Ant Financial Services, Alibaba Group

But how is PSD2 going to influence the fintech industry? First and foremost, from now on, third parties that provide payment services are legally recognized as new players in the market and are regulated accordingly by PSD2. Named Third Party Providers (TPPs), they don’t hold any payment accounts or enter into possession of any funds being transferred. There are two types of Third Party Providers (TPPs), as stated in the PSD2 directive:

Account Information Service Providers (AISPs): these are the companies that aggregate data regarding different consumer accounts in one or several different banks. Their primary task is to provide users with visualized information about their accounts in a convenient way. A wide range of other features can be implemented here, mainly ones concerning filtering and analyzing data.

Payment Initiation Service Providers (PISPs): these are the companies that have permission to initiate PSD2 payments between the consumer and the bank on the consumer’s behalf. This allows TPPs to facilitate online banking payments.

The Bright Side. The pros of the PSD2 implications for TPPs are obvious: the traditional financial institutions (banks) are required to open their APIs to TPPs, which allows open competition between TPPs and banks on equal terms. Besides, it opens the floor to PSD2 blockchain solutions that can be revolutionary. All the barriers that could be an advantage for traditional financial institutions are now gone. TPPs are no longer operating in the ‘gray area’ of the market; now they are protected by this piece of legislation and have certain rights. Besides, by accessing the banks’ APIs, TPPs can use the data produced by banks without having to acquire the needed infrastructure that banks...

10 Most Popular Two-Factor Authentication Apps Compared

Posted by on 21:55 in Engineering, R&D | 0 comments

This article discusses two-factor authentication apps, which offer different functionality and are based on different principles but serve one purpose – reliable protection of access to sensitive information. Today, we will review some of the most popular applications for one-time password generation from the Google Play market and two hardware OTP tokens that can replace two-factor authentication apps. The authors of these apps and OTP tokens offer a lot of convenience or security-oriented features. Let’s finally figure out some of the pros and cons of each.

Turn on all security features like two-factor authentication. People who do that generally don’t get hacked. Don’t care? You will when you get hacked. Do the same for your email and other social services, too.
Robert Scoble

Google Authenticator

Google’s two-factor authentication app is probably the most popular and best known among 2FA evangelists. It’s free, handy, and offered on many websites by default. Let’s have a look at its features:

User-friendly. Google Authenticator has a straightforward, easy to use, clear UI (user interface) that even a child would find informative. Besides, it should be noted that the software works on almost all versions of Android and takes no more than 2 MB, which is significant for owners of phones with a small amount of RAM.

TOTP and HOTP algorithms. The Google Authenticator app supports both the Time-based One-Time Password (TOTP) and HMAC-based One-Time Password (HOTP) generation algorithms, which allows using it with more resources. TOTP is more widespread and reliable – this is an algorithm in which time is used as one of the parameters for one-time password generation. There are still websites using the HOTP algorithm, though, where a counter is used to compute the passwords. The lifetime of all OTP passwords generated according to TOTP or HOTP algorithms is 60 seconds, i.e. every minute a new password is created.

No need for network connection. The use of such OTP generation algorithms allows Google Authenticator to work without a network connection. The same one-time passwords are generated on your smartphone, without access to the Internet or cellular network, and on the authentication server (in the client-server paradigm); if the one-time passwords match, you get access to your account.

Many accounts in one place. You can use one app for all your accounts on different websites as well as for multiple accounts on one website. This is very convenient compared with SMS authentication, but mind that you may have a lot of trouble when losing or wiping a phone if you don’t take care of a Google Authenticator backup.

Are there any drawbacks in Google Authenticator? Here we have some black clouds above the app:

There is no built-in way to back up your data. It means that users must renew the information each time they change their phone or account.

They say it’s not quite convenient to use this app if you turn on 2-factor authentication for more than 4 websites. Four one-time passwords are enough to occupy the whole screen, and if you have, for example, 12 accounts, you won’t see all the passwords at a glance.

Google’s two-factor authentication app could be the best known one, but let’s be honest – there are many other analogs on the market today.

Read also: Will Google’s Authentication without Passwords Be Safe?

Authy 2-Factor...
