two-factor authentication

August 1, 2016

Social Security Administration Now Requires Two-Factor Authentication

This post was originally published on this siteThe U.S. Social Security Administration announced last week that it will now require a cell phone number from all Americans who wish to manage their retirement benefits at ssa.gov. Unfortunately, the new security measure does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven’t yet created accounts for themselves. The SSA said all new and existing ‘my Social Security’ account holders will need to provide a cell phone number. The agency said it will use the mobile numbers to send users an 8-digit code via text message that needs to be entered along […]
March 24, 2017

Phishing 101 at the School of Hard Knocks

This post was originally published on this siteA recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-half months of this year than it saw in all of 2015. Bowling Green State University in Ohio has more than 20,000 students and faculty, and like virtually […]
May 10, 2017

SSA.GOV To Require Stronger Authentication

This post was originally published on this siteThe U.S. Social Security Administration will soon require Americans to use stronger authentication when accessing their accounts at ssa.gov. As part of the change, SSA will require all users to enter a username and password in addition to a one-time security code sent their email or phone. In this post, we’ll parse this a bit more and look at some additional security options for SSA users. The SSA recently updated its portal with the following message: The Social Security Administration’s message to Americans regarding the new loginchanges coming in July 2017. I read that […]
May 18, 2017

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

This post was originally published on this siteIdentity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees. In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between […]