Tag Archives: authentication
Facebook announced today that YubiKey & FIDO U2F will be protecting Facebook suers. Congratulations, if you have a U2F YubiKey! So how do you set it up to protect your Facebook account? Follow these instructions and you’ll be protected with the simplicity of YubiKey two-factor authentication in no time! The following ‘How to’ was provided by Yubico.
Here is how you setup your YubiKey with Facebook:
- Latest version of Google Chrome browser (or at least version 38) or Opera browser
- A FIDO U2F Security Key by Yubico, YubiKey 4, YubiKey 4 Nano, YubiKey NEO*, or other Yubico U2F-enabled YubiKey
- A Facebook account
*YubiKey NEO requires firmware version 3.3 or later (available since October 2014)
SETTING UP YOUR FACEBOOK ACCOUNT
- In Google Chrome or Opera, log in to Facebook.
- Click the arrow at the top right, and then click Settings.
- In the Security Settings page, in the left pane, click Security.
- Next to Login Approvals, click Edit.
- Under Code Generator, click the link to set up a third party app to generate codes.
- Scan the QR code with your favourite authenticator app that you use to generate codes (or enter the secret key manually, if required).
Google recently introduced a new setting for 2-Step Verification (2SV). They are hoping the new setting called ‘Google prompt’ will make it easier for more people to use multi-factor authentication security. Currently, 2SV allows you tap a Security Key (such as the U2F YubiKey) as well as entering a verification code sent to your mobile phone. You can also use the Google Authenticator app.
Google prompt allows you to approve by tapping a ‘Yes’ prompt that will pop up on your mobile phone. You can access 2-Step Verification from your computer, Android device or iPhone, but only if you have a Google account. In addition Android devices will require the latest Google Play Services (2SV is part of Play Services) and iPhone 5S or later the Google Search app.
It’s important to note that the Google prompt setting is designed as an alternative second step to either using a Security Key or receiving a voice or text message.
The process below is the same whether you use an Android device, iPhone 5S (or later) or computer.
How to enable Google prompt
- Settings > Google > Sign in & security > Sign in to Google https://myaccount.google.com/security
The Android Twitter app (up to and including the latest version 5.36.0 available on Google Play) allows users to setup ‘Login verification’ which requires a mobile number to verify all login requests to Twitter mobile or Web apps.
‘Login verification’ will allow you to manage who and where a login request was made. Note: You will only be able to login to Twitter mobile or Web with the device you set up ‘Login verification’ with. If you lose your mobile then you can visit https://twitter.com/settings/devices and delete your device (you will also have to login).
Let’s now set up ‘Login verification’:
- Open > Android app and tap > Settings (top right)
- Tap > Settings > then tap > @(your twitter name)
- Scroll down and tap > Security – you will now see a prompt “You must have a phone associated with your Twitter a/c to use this feature”
- Click > Add phone and the native browser opens to https://mobile.twitter.com/session/new which will ask you for your Twitter login credentials
- Type in your Twitter username and password then tap > Login
- Next go to > Settings and register your mobile number and click > Save (use + before your number)
Google is looking to add an additional layer of security to its Google Apps service (which is for business and enterprises not consumers) by blocking unauthorised use of these services. Users of Google Apps will be required to to verify their identity with a SMS if Google detects a suspicious login.
The suspicious login attempt might occur when you attempt to login from a different country for example. Not all users will have signed up for this service i.e providing a mobile number. If you haven’t shared your number with Google, Google will prompt you to share it if a suspicious login is detected. If your mobile phone doesn’t is unavailable due to poor reception then there will be an alternative challenge. I’m not sure what this will be right now. Might be Web based (see bootnote).
Google will send your mobile device a challenge code via SMS to verify that it is you that is attempting to login to one of Google’s Web Apps. For those of you who don’t know, Google Apps comes with a $50 per-person-per-year cost which allows people to use Gmail, Google Calendar, Google Docs, Google Sheets, and Google Slides. Google knows that the personal identifier is the mobile device, so it makes sense to roll out a two factor authentication service for Apps.
Several users have contacted me regarding problems connecting to Google Play “My apps”. The problem involves a well documented “Authentication is required. You need to sign into your Google Account.” This is a bug. It occurs if you have more than one Google account. The problem happens if your primary account isn’t authenticating, and the Google Play app decides the other account(s) are primary. This causes an authentication conflict.
You have two options to fix this problem.
- Remove the non-primary account linked to your Google Play account – tap and hold and tap > Remove account
- Remove all accounts in > Settings > Accounts > Google – as above
- Once you remove the accounts, reboot the device
- Once device has re-booted add your primary Google account (you will need your email and password)
You might also experience the above problem if you have one Google account. If you do, you can choose to remove the offending account as above and add the primary account after reboot. Various forum comments suggest using the “Stop” function in running apps (this is meant to clear the cached background process) > tap “SHOW CACHED PROCESSES” for Google Play Store (his was done on a Nexus 5 running 4.4.2) but this will not work.