I spend time playing an online game and they announced today they are replacing their already tight security with something much better.
The existing method works by sending a text message to the phone you’ve registered any time that you try to play the game using a computer or browser that is not already registered.
I think most of us know how problematic passwords are – having bunches of them and then having to keep them all secure.
What RuneScape didn’t mention was that their new Authenticator is from Google. Roughly speaking, it uses your cellphone like the old SecurID cards used by highly sensitive accounts with strong abilities you don’t want in the wrong hands.
Every 30 seconds, the app on your phone generates a new 6-digit random number based on unique values tied to your device and the account you are trying to access. Once enabled, in addition to your user ID and password, you have to enter the current 6-digit code.
Google were the folks who found the Heartbleed problem and, with OpenSSL mired in a lack of resources and a weak product, have taken the initiative to replace OpenSSL. Google has the brains and resources to make things happen.
Expect pressure from Google soon to lock down your Google accounts using the same technology. Passwords or cookie tokens alone aren’t good enough.
NPR broke another huge secret. Hackers can pretend to be an AT&T or Comcast “free” Wi-Fi server and your iPhone will blindly trust it, allowing the fake Wi-Fi hotspot to snoop on everything you do using a man-in-the-middle attack.