fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Google Wants To Enable Multi-factor Authentication By Default

Google Wants To Enable Multi-factor Authentication By Default

Google strives to push all its users to start using two-factor authentication (2FA), which can block attackers from taking control of their accounts using compromised credentials or guessing their passwords.

“Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured,” as Mark Risher, Google’s Director of Product Management, Identity and User Security, revealed today.

This move is meant to increase Google user accounts’ security by removing the “single biggest threat” making easy to hack: passwords that are hard to remember and, even worse, easy to steal via data breaches and phishing.

In the first of this process, the company will ask users already enrolled in 2FA (aka 2-Step Verification or 2SV) to confirm their identity by tapping on a Google prompt on their smartphones whenever they sign in.

To enroll in two-factor authentication for your Google Account right now, go here and click the “Get Started” button to add an extra layer of security and block attackers from gaining access to your data.

Google two-factor authentication
Image: Google

“Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone,” Risher added.

Also Read: How To Comply With PDPA: A Checklist For Businesses

In January 2020, Google announced that iPhones running iOS 10 or later could be used as security keys to verify sign-ins on Chrome OS, iOS, macOS, and Windows 10 devices without pairing.

Previously, the company also made using the security key built-in Android phones running Android 7.0+ (Nougat) generally available, and allowed iOS users to verify sign-ins into Google and Google Cloud services using Android phones set up as security keys.

More information on how to set up your phone as a Google account security key can be found here.

How two-factor authentication protects your account

Once 2FA will be enabled on your account (configured to work via text/voice message codes, the Google Authenticator app, or with security keys), it will block unauthorized access by creating an extra defense layer designed to prevent malicious actors’ attempts to log in.

This means that attackers will not be able to take it over even if they manage to steal your credentials unless they also have access to your device to confirm their malicious login attempts.

With 2FA toggled on, you’ll be asked to enter your password, as usual, whenever signing into your Google account. 

However, you’ll be required to confirm your identity using a code sent via text message, voice call, or mobile app. If you have a Security Key, you can also insert it into your computer’s USB port to confirm that you are the one trying to log in.

Two-factor authentication using your phone (Google)

To put things into perspective, Director of Identity Security at Microsoft Alex Weinert said two years ago that “your password doesn’t matter, but MFA does! Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA.”

Weinert also added that “use of anything beyond the password significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population.”

Also Read: In Case You Didn’t Know, ISO 27001 Requires Penetration Testing

“One day, we hope stolen passwords will be a thing of the past, because passwords will be a thing of the past, but until then Google will continue to keep you and your passwords safe,” Risher concluded.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us