Following the high-profile hijack and ransom of the @N username on Twitter, software engineer Josh Davis has created a website to show users which services offer two-factor authentication -- and which do not.
Email accounts, social media and online retailers all store our personal information, ranging from telephone numbers to credit card data, if we choose to use the service. However, not all services offer heightened security features such as two-factor authentication, which uses an additional method to verify your identity when you try to access an account.
For example, online retail giant Amazon sticks with a password-only approach, whereas PayPal gives users the option to tie their mobile number to an account, sending a code which must be input in addition to a password if you try to log in. If you've been the victim of a phishing campaign and have mistakenly input your details, these types of security checks can help prevent your accounts from being hijacked.
In the case of @N, as noted in a blog post written by Davis over the weekend, Naoki Hiroshima's valuable and rare Twitter handle was taken over after a hacker used social engineering tactics to find out the details of Hiroshima's credit card, which was later used to gain access to a GoDaddy account -- leverage to force Hiroshima to release his Twitter handle.
"About a month ago I was going through the process of looking for a new domain registrar to transfer my domains to. My number one criteria was a secure registrar," Davis said. "Although I don't own a rare Twitter handle, it was scary to think about how the extortion of Naoki Hiroshima was possible just because of a lost domain name. Although GoDaddy does support two-factor auth, if Naoki had been using it for PayPal, his PayPal account would have been compromised as well."
As a result, the software engineer and computer science student decided to create a website dedicated to comparing which of the most popular email, retail, social, financial, developer, and communication services offer two-factor authentication and which do not, giving us a quick way to find out which services are most secure.
TwoFactorAuth.org is the result. Popular services in each category are displayed, and a marker indicates whether they support two-factor authentication or not. In addition, a Twitter button lets you tweet out to companies to demand they support this security standard. The system is open source, and by going over to the GitHub repo you can contribute websites and add comments.
"If every website that ends up on TwoFactorAuth.org ends up in the green and my website becomes pointless, then that is only a success in my vision.
"Here's to hoping that more sites will put the security of their customers first and invest in two factor auth."