Domain: duo.com
Stories and comments across the archive that link to duo.com.
Comments · 4
-
Re: Pepperidge Farms Remembers
If I were a CEO I sure wouldn't worry about cybersecurity because the general public doesn't seem to care. Large, outrageous breaches have become the norm. I'm not even remotely surprised anymore.
Whether or not you care isn't their primary concern. It is the affect on stock price as compared to economic indexes. Research I have seen does show these breaches are having significant negative affects on stock price. It isn't as obvious while overall stock prices are rising, but when you compare them to similar companies their stock price is not keeping up with the market.
Stock prices certainly fall in recessions too, but so does the stock price of their competitors. If things get too dire they always have their golden parachutes to save them.
-
Re:Needed it to protect my Bitcoin
I'd recommend Authy instead of Google Authenticator. It's compatible, but adds a bunch of features like multi-device support, a PC client, and encrypted backup of its database. Most importantly, it simply adds a password. If you have Google Authenticator on your phone and you don't have the lockscreen enabled (or you hand your phone to a friend with it unlocked), anyone who picks up/steals the phone can use your Google Authenticator to login to the accounts it's supposed to be protecting. With Authy, you have to enter a passcode or password to be able to use it. It's free if you use it fewer than 100 times per month. (For enterprise use, try Duo.)
-
Re:Perhaps I'm the only one
SMS is notoriously unsecure. The encryption is only between the phone and the tower. A hacker could potentially intercept the message anywhere else along the transmission route. To truly be secure, it has to be end-to-end encryption, like SSL on websites. Apple sort of has the right idea with iMessage, except they manage the end-to-end keys themselves so they (or a hacker who breaks into their servers) could potentially read your messages. It needs to be done using keys generated and stored only on the endpoint device. (Which has the obvious drawback of past messages becoming unreadable if you lose your device. The keys should be backed up onto another personal device, but because people are lazy/foolish/ignorant Apple decided to back it up on their servers.)
And even end-to-end encryption isn't completely secure. There are apps out there which when installed on your phone will surreptitiously forward a copy of all your text messages to someone else. Likewise, if you lose your phone (unheard of I know, but it happens) your security is blown. In particular, for people with Android phones, 2FA for Google accounts via SMS is just 1FA. If a thief steals your phone, it's already got access to your Google accounts. And now they're going to 2FA validate you're you by sending a text to the phone in the thief's possession?
This is the same reason I switched from Google's Authenticator 2FA app to Authy. Authenticator just runs - it assumes your phone is secure and always in your possession. Yes you can and should put a password on your phone, but sometimes you do hand your phone unlocked to other people so they can use it, or a thief can steal it from your hands while it's unlocked and you're using it. Authy at least requires you to enter a PIN or password each time you use it. -
Re:That's one way to stop bloatware!
I wouldn't be surprised if more attacks don't start targeting the installed-by-default bloatware on most home and some business PCs.
https://duo.com/blog/out-of-bo...
"The level of sophistication required to exploit most of the vulnerabilities we found is somewhere between that possessed by a coffee stain on the Duo lunch room floor and your average potted plant - meaning, trivial."--
BMO