First software update for the Galaxy S23 series is rolling out widely


A couple of days back, Samsung released the first software update for the Galaxy S23 series. The rollout began in Europe, but the company has wasted no time bringing it to other regions. The update is now available for Galaxy S23 users in Asia and Africa as well, including in Samsung's homeland South Korea. We expect the company to release the update in the US over the next few days.

Galaxy S23 units sold in Europe, Asia, and Africa bear the same model number (SM-S911B for the base model, SM-S916B for the Plus, and SM-S918B for the Ultra). So the updated firmware version for the phones in these regions is the same — S91*BXXU1AWBD. But the South Korean versions ship with the model number SM-S91*N. The latest update comes with firmware version S91*NKSU1AWBD in the country.

The story is similar for Galaxy S23 phones in Taiwan, Hong Kong, and China as well. The new Samsung flagships bear the model number SM-S91*0 in these markets. Users are getting the new update with the firmware build number S91*0ZHU1AWBD. But regardless of the firmware version, the latest update for the Galaxy S23, Galaxy S23+, and Galaxy S23 Ultra has the same changelog everywhere.

The February update for the Galaxy S23 reaches more markets

Samsung’s changelog for the first firmware release for the Galaxy S23 series doesn’t go into detail. It only states that the package contains some optimizations and the February 2023 Android security patch. The latest SMR (Security Maintenance Release) patches more than 50 vulnerabilities.

Samsung’s security bulletin says seven of those are Galaxy-specific. Those vulnerabilities don’t exist in Android devices from other brands. They patch flaws in Fingerprint TA, Secure Folder, and other system apps and services.

The remaining 40-odd vulnerabilities patched by this month’s security update are part of Google’s latest ASB (Android Security Bulletin). They patch flaws in Android OS and other partner components. The Android maker labeled five of those as critical vulnerabilities that could potentially allow remote code execution if a threat actor exploited them in the wild. It could pave the way for them to remotely control your phone.

If you are one of the early buyers of Samsung’s latest flagships, you might want to install this update as soon as possible to stay safe from these vulnerabilities. You can go to the Software update menu in the Settings app and tap on Download and install to check for updates manually or wait for a notification prompting you to download the update. For users in the US, we will let you know when Samsung releases the update stateside.



How to watch MLB without Cable in 2023


Baseball is back. America’s pastime is starting this month with Spring Training, and then Opening Day in late March. So how can you watch all of the action? Well that is what we are here to tell you.

Will the Houston Astros make it back to the World Series in October? Well, we have over 162 games to find out. The baseball season is quite long, lasting from April (technically, March 30) through September, with the playoffs lasting through October and the World Series at the very end of the month. Last year, we saw the Houston Astros take on the Philadelphia Phillies and win 4-2 in a six-game series. Can they repeat?

When is opening day?

Opening Day is set to take place on March 30, 2023. This year, all 30 MLB teams will be playing on Opening Day. That’s the first time since 1968 that every team has played on Opening Day, which is quite shocking. Here’s the full schedule for Opening Day.

  • Atlanta Braves at Washington Nationals – 1:05 p.m. ET
  • San Francisco Giants at New York Yankees – 1:05 p.m.
  • Baltimore Orioles at Boston Red Sox – 2:10 p.m.
  • Milwaukee Brewers at Chicago Cubs – 2:20 p.m.
  • Detroit Tigers at Tampa Bay Rays – 3:10 p.m.
  • Philadelphia Phillies at Texas Rangers – 4:05 p.m.
  • Pittsburgh Pirates at Cincinnati Reds – 4:10 p.m.
  • Colorado Rockies at San Diego Padres – 4:10 p.m.
  • Toronto Blue Jays at St. Louis Cardinals – 4:10 p.m.
  • Minnesota Twins at Kansas City Royals – 4:10 p.m.
  • New York Mets at Miami Marlins – 4:10 p.m.
  • Chicago White Sox at Houston Astros – 7:08 p.m.
  • Los Angeles Angels at Oakland Athletics – 10:07 p.m.
  • Arizona Diamondbacks at Los Angeles Dodgers – 10:10 p.m.
  • Cleveland Guardians at Seattle Mariners – 10:10 p.m.

What channels show MLB games?

The majority of the games are going to be on regional sports networks or RSNs. So depending on where you live, you might be able to get that from YouTube TV, FuboTV or DIRECTV Stream. Bally Sports RSNs for example are only on FuboTV and DIRECTV Stream.

What about the national games? Well, those are typically on Fox, FS1, TBS, ESPN, MLB Network or Apple TV Plus. Fox, FS1, TBS and ESPN are available on most streaming TV platforms. MLB Network is available on many, but not all – for example, YouTube TV just removed it for the 2023 season.

Now when it comes to Apple TV Plus, subscribers can watch Friday Night Baseball each Friday throughout the season. Apple TV Plus has two games each Friday. Some are on at the same time, while others will be doubleheaders.


How to watch the MLB without cable

Now let’s talk about how you can watch the MLB without cable. The best option will be MLB.TV, if you want to watch multiple teams. But if you want to watch your home team (and you live in that market), then your local RSN is going to be the best option.

MLB.TV

MLB.TV is great because it allows you to watch every single game throughout the league. But there is one catch. Local games are not available on MLB.TV. That means that if you live in the Seattle market, you can’t watch Mariners games on MLB.TV. So it’s not quite a replacement for having the RSN available that plays the Mariners games. But if you’ve moved, and want to watch the Red Sox in Seattle, then it’s a good option.

MLB.TV is not going to be cheap though. The full season will be $149, or $119 if you want a single team. You can also pay monthly for $25/month, but that comes out to being a lot more expensive. MLB.TV does also include minor league and spring training games.

YouTube TV

YouTube TV is my personal favorite for watching sports, even though they don’t have Bally Sports RSNs. YouTube TV does have FOX, FS1, TBS and ESPN however. And as noted before, they have dropped the MLB Network, effective for 2023. So you get the majority of the nationally televised games on YouTube TV.

As far as RSNs go, YouTube TV does have the NBC Sports RSNs, but not Bally Sports. NBC Sports is available in a few markets. One of the best parts of having YouTube TV is that you can record every single game, since it gives you unlimited cloud DVR.

FuboTV

FuboTV is a service that is built for sports. It has a lot of great sports networks available, but for Baseball, it carries all of the networks. And it has also just added Bally Sports RSNs once again. Though some of those RSNs won’t be available until the baseball season starts in April, so you might miss out on spring training.

FuboTV does start at $74.99, so it is more expensive than YouTube TV. But that does get you over 147 channels, along with 1,000 hours of cloud DVR included. It does offer a free trial which you can check out here.

DIRECTV Stream

DIRECTV Stream also has all of the channels for nationally televised games. And it starts at $74.99 per month as well. However, if you want to get the RSNs that will cost you a bit more. You would need their $99/month plan that includes the RSNs, and that does include Bally Sports.

DIRECTV Stream’s Choice package includes 105 channels, allows you to stream on unlimited devices in your home and gives you unlimited cloud DVR storage like YouTube TV does. You can sign up for DIRECTV Stream here.

Sling TV

Sling TV is the cheapest option here. It starts at just $40 per month. And with the Sling Orange package, you’ll get access to ESPN and TBS. With Sling Blue you’ll get FOX (in select areas) and FS1. Or you can get both packages for $45 per month.

MLB Network is available as an add-on. In the Sports Extra add-on, you’ll get the SEC Network, ACC Network, Longhorn Network, Pac-12 Network, ESPN-U, ESPNEWS, MLB Network, NBA TV, beinSports, Tennis Channel, NHL Network and the MLB Strike Zone for $11 per month. So to get all of those networks, you’ll need to pay $56 per month. And Sling TV does not have any RSNs.

Hulu + Live TV

Hulu + Live TV is another good option here. It does include ESPN, FOX, FS1 and TBS for the national games. But it does not have the MLB Network. It also has some RSNs, but not Bally Sports. So keep that in mind.

Hulu does start at $69.99, which does include ESPN+, as well as 85 of the top cable channels, unlimited screens, the Hulu library and unlimited DVR. You can sign up here. 



TikTok incorporates Research API in order to provide transparency for state and nonprofit researchers

There’s never a dull moment with TikTok. Even if there are periods of calm, sooner or later, there is always a new conspiracy or dangerous trend that revolves around the dangerously popular social platform. So much so that state officials are politely asking Big Tech to outright ban TikTok.

The company behind the short form video platform doesn’t take this sitting down though. And while they could retaliate and fight this move, they opted for peace and transparency. The company outright invited officials to examine their business and algorithm as closely as they want to.

Now, in an attempt to back up that invitation, the company has unveiled a brand new API (Application Programming Interface, a defined way for outside software to request data from a service) which provides public data on accounts and content to researchers worldwide.

While this includes both state researchers and nonprofit organizations, the worldwide part is a bit of a goal, as the API is currently available in the US only. And is that any wonder, considering that the States is where TikTok gets the most blame, as its popularity is skyrocketing with American youths?

The API has already received feedback from Content and Safety Advisory Councils and that feedback has even been implemented. TikTok public relations states that the company is looking forward to receiving more feedback in the future from nonprofit researchers too.

But what type of data will these researchers have access to? Well, here’s a breakdown:
  • Public user profile data, like usernames
  • Public content data, like comments, captions and subtitles
  • Performance data, meaning likes, views and favorites
  • Public data for keywords and their performance

Not at all malicious or user-threatening. Neat! Basically, this sounds like a compilation of everything that you can find on the platform itself, but presented in a way that does not require weeks of tracking in order to find everything you may need.

The API is live now, and if you are part of a nonprofit organization that may need stats like those mentioned above, the application process is available here. While we can’t say that this will help TikTok leave the deep waters the company has found itself in, we are eager to see how things will go from here on out.



Checklist To Secure Home Wi-Fi Network


Cybercriminals can breach the security of your home WiFi and potentially cause you significant harm. Your home network may be used by malicious cyber actors to access sensitive, private, and personal data.

The National Security Agency published best practices for securing your home network to assist you in protecting yourself, your family, and your work by engaging in cybersecurity-aware behaviors.

Adopt the Following Mitigations to Your Home Network

  • Upgrade and update all equipment and software regularly, including routing devices.
  • Exercise secure habits by backing up your data and disconnecting devices when connections are not needed.
  • Limit administration to the internal network only.

Checklist To Secure Home Wi-Fi Network

To minimize the danger of compromise, all electronic computing equipment, including computers, laptops, printers, smartphones, tablets, security cameras, household appliances, automobiles, and other “Internet of Things” (IoT) devices, must be secured.

Further, by adopting the most recent version of an OS that is supported for desktops, laptops, and mobile devices, you can make it more difficult for an adversary to obtain privileged access. IoT devices connected to a home network are frequently overlooked but also need updates.

NSA home network security tips

NSA recommends turning on the automatic update feature. Download and install patches and updates from a trusted vendor once a month if automated updates are not possible.

“To maximize administrative control over the routing and wireless features of your home network, consider using a personally owned routing device that connects to the ISP-provided modem/router”, recommends NSA.

Also, use modern router features to set up a separate wireless network for visitors, so that guests are kept apart from your more trusted and private devices.

“To minimize vulnerabilities and improve security, the routing devices on your home network should be updated to the latest patches, preferably through automatic updates. These devices should also be replaced when they reach end-of-life (EOL) for support,” says NSA.

To keep your wireless communications private, make sure your personal or ISP-provided wireless access point (WAP) is capable of Wi-Fi Protected Access 3 (WPA3). You can use WPA2/3 if any of the devices on your network do not support WPA3.

NSA mentions that to keep wireless communication secure on your home network, use network segmentation. Your wireless network should be segmented at a minimum into your primary Wi-Fi, guest Wi-Fi, and IoT network.

Make sure your personal router can perform the most basic firewall functions. In order to prevent internal systems from being scanned over the network boundary, make sure it has network address translation (NAT). If your ISP supports IPv6, make sure your router has IPv6 firewall support.

Use security software with anti-virus, anti-phishing, anti-malware, safe surfing, and firewall features for a layered defense.

“Passwords should be strong, unique for each account, and difficult to guess. Passwords and answers to challenge questions should not be stored in plain text form on the system or anywhere a malicious actor might have access. Using a password manager is highly recommended,” says NSA.

It is important to disable the ability to perform remote administration on the routing device. Only make network configuration changes from within your internal network. 

NSA suggests scheduling weekly reboots of your routing device, smartphones, and computers. Regular reboots help to remove implants and ensure security. 

Using a virtual private network (VPN) to remotely connect to your internal corporate network via a secure tunnel is one solution for securely accessing work information. This provides an added layer of security while allowing you to take advantage of services normally offered to on-site users.

Hackers may use email as a method of attack. Use a unique password for each account, avoid clicking attachments or links in unwanted emails, and more. Unless absolutely required, avoid using the out-of-office message option. Use secure email protocols at all times, especially when connected to a wireless network.

“If you must access the Internet while away from home, avoid direct use of public wireless. When possible, use a corporate or personal Wi-Fi hotspot with strong authentication and encryption”, says NSA.

The NSA offered advice on its ‘Information Sheet’ about how to protect wireless devices, phone or video communications, IPsec Virtual Private Networks, as well as how to minimize the dangers associated with location tracking.


GoDaddy says it’s a victim of multi-year cyberattack campaign


Hosting and domain name company GoDaddy says it believes a “sophisticated threat actor group” has been subjecting the company to a multi-year attack campaign, the most recent of which occurred in December 2022.

In December, it received complaints about customer websites being periodically redirected to malicious sites. It turned out malware caused the redirection after threat actors compromised GoDaddy’s cPanel shared hosting servers. How the attackers got in remains a mystery.

GoDaddy said in a statement:

“As our investigation continued, we discovered that an unauthorized third party had gained access to servers in our cPanel shared hosting environment and installed malware causing the intermittent redirection of customer websites. Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.”

The company also said it believes that previous breaches in March 2020 and November 2021 were part of the multi-year attack campaign from the same threat actor group.

In March 2020, an attacker compromised 28,000 hosting account login credentials belonging to customers and some GoDaddy employees. Then, in November 2021, 1.2 million Managed WordPress hosting environments were compromised. The stolen data included email addresses, original WordPress admin credentials, database credentials, and private keys.

GoDaddy said it’s working on the ongoing issue:

“We are working with multiple law enforcement agencies around the world, in addition to forensics experts, to further investigate the issue. As we continue to monitor their behavior and block attempts from this criminal organization, we are actively collecting evidence and information regarding their tactics and techniques to help law enforcement.”

Make sure your hosting account is secure

If you are using GoDaddy or other hosting services, now is a good time to review your credentials and ensure your account is as locked up as possible. The guideline below is for GoDaddy customers:

  • Remotely log out of your account. If you think your hosting account has been compromised, doing this will sign you and the possible attacker out from accounts opened on different devices and browsers.
  • Use a password manager, which will help you create long and complicated passwords without having to commit them to memory. Password managers also help you avoid phishing sites by not filling in credential fields if you mistakenly end up on a phishing page you can’t distinguish from the real thing.
  • Change your Support PIN. You can find this on your GoDaddy Login & PIN page.
  • Change all your hosting-related email credentials and FTP passwords.
  • Use two-factor authentication (if you’re not using it already) for that extra layer of protection for your account.
  • Change the payment methods you have stored in your account, and delete those you don’t use. It would also be good to keep an eye on your bank account transactions and be ready to flag those that are fraudulent.
  • Remove delegate access for anyone you’ve allowed into your account.
  • Delete unknown API keys.
  • Update your domain contact information to avoid anyone claiming ownership of your site.

Stay safe!



iOS 16.5 Could Be The Final Update Before iOS 17


A recent report claims that Apple iOS 16.5 could be the last significant update before Apple announces iOS 17 at WWDC in June. 

Apple recently released the first iOS 16.4 beta with several new features to developers and public testers. 

For example, the update includes support for web push notifications, new emojis, and an improved Podcast app. It also comes with a change to prevent iPhone users from accessing the iOS 17 developer beta for free.

However, a recent MacRumors report indicates that Apple is already testing iOS 16.5 internally. “Apple ramped up testing of iOS 16.5 internally this month, according to mounting evidence of the update in our website’s analytics logs,” says Joe Rossignol of MacRumors.

So what should we expect from the forthcoming iOS version? Well, that’s unclear at the moment. However, the publication suggests that it could be any of the previously-announced features, such as: 

  • Apple Card savings account
  • Apple Music Classical app
  • iMessage Contact Key Verification
  • Apple Pay Later

Rossignol also believes that iOS 16.5 could be the last notable update before the iOS 17 announcement in June. So what should we expect from iOS 17? 

What to Expect from Forthcoming iOS 17

Earlier in the week, Bloomberg’s Mark Gurman said he hasn’t heard “anything especially game-changing” about iOS 17. However, the WWDC is still in June, and more notable features could leak in the coming months. 

That said, iOS 17 is expected to allow third-party app stores on the iPhone in Europe, following the Digital Markets Act. Gurman claimed in a previous report that Apple could implement the change in a later version of iOS 17.

Besides allowing alternative app stores, iOS 17 could also introduce a new CarPlay standard that integrates deeper with vehicle functions. Brands expected to ship with the next-gen CarPlay include Acura, Audi, Ford, Honda, Mercedes-Benz, Nissan, Porsche, and Volvo. 



Here’s what the OnePlus Nord 3 will look like


OnePlus just announced its latest flagship phone, the OnePlus 11. It’s set to make an appearance at MWC along with some other products. While we’re excited about that device, we can’t forget about the mid-ranger that the company is launching. Thanks to MySmartPrice, we have a leak of the OnePlus Nord 3.

OnePlus’ Nord phones are the company’s mid-range and budget offerings. They consist of a wide range of products, and the most powerful of those devices are the Nord phones without the “N” moniker. The OnePlus Nord 3 is meant to blur the line between a mid-range phone and a flagship phone.

We have a leak of the OnePlus Nord 3

We should be getting close to an official announcement for this phone, as we’ve just gotten a leak of it. In the leak, we see the phone from both the front and the back. Also, it shows the phone in two colors.

Looking at the phone, we see that it will have a similar design to 2021’s OnePlus Nord 2. On the back of the phone, we see the rounded rectangular camera package. In it, we see three sensors along with the flash. We don’t know what they are, but the OnePlus Nord 2 had a 50MP main camera with an 8MP ultrawide camera and a 2MP depth camera. We can probably expect a similar package.

It looks like the phone will have a glass back to give it a more premium feeling. This is the top-tier Nord phone, so that should come as no surprise. Also, we see the OnePlus logo right in the center.

Moving to the front, we see a typical OnePlus sight. The phone has rather thin bezels and there’s a punch-hole in the upper left corner.

Expected specs

The OnePlus Nord 3, based on the rumored specs, looks like it’ll be a powerhouse. Starting off with the display, it might have a large 6.71-inch AMOLED display with an FHD+ resolution and a 120Hz refresh rate.

As for the internals, it looks like this phone is going to pack a lot of power. It’s expected to use the flagship-grade MediaTek Dimensity 9000 SoC. That’s MediaTek’s answer to the top-tier Snapdragon processors. It may also have up to 256GB of storage and up to 16GB of RAM.

Rounding out the specs, we expect this phone to have a 5000mAh battery. It may support 80W charging. The leak says that the OnePlus Nord 3 will launch between mid-June and July.



Google and Mercedes-Benz partner to improve the navigation experience


Google and Mercedes-Benz have entered into a strategic partnership that will help to improve the user navigation experience. The German luxury car brand is working hard to bring its next-generation navigation experience to vehicles. To make this possible, they will rely on the newly formed partnership with Google aimed at fostering innovation.

This partnership is a long-term endeavor that will bring great benefits to Mercedes-Benz owners around the world. As is already known, Mercedes-Benz is a luxury car brand with industry-leading technologies integrated into its vehicles. Now the brand is turning its attention to integrating a unique luxury feel into its digital experience.

Google will help the German automobile manufacturer achieve this digital luxury goal. This partnership will produce the first-of-its-kind experience for any luxury car brand. The new Google and Mercedes-Benz partnership will bring remarkable benefits to the public.

The benefits of this new Google and Mercedes-Benz partnership

Mercedes-Benz is currently working on its new operating system for the infotainment system and digital cockpit. This new platform will bring a ton of improvements to the overall user experience for the German automobile manufacturer’s vehicles. The partnership with Google will make Mercedes-Benz the first automobile manufacturer to build its own navigation experience.

With the coming Mercedes-Benz Operating System (MB.OS) users will be able to get detailed navigation based on the in-car data. Navigation details regarding places, real-time traffic, automatic re-routing and so on will be available with the new operating system. To make this possible, Mercedes-Benz will rely on the Google geospatial service.

This means that Google Maps will be integrated into the coming Mercedes-Benz Operating System (MB.OS). Its integration will also help improve Mercedes-Benz’s assisted driving system. With this, drivers will receive assistance from the car’s system concerning speed adjustment, lane keep assist, and so on while driving.

The Google and Mercedes-Benz partnership will also bring some core Google apps to the German automobile manufacturer’s infotainment system. Other benefits of this partnership include AI, data, and open infrastructure integration which will come to Mercedes-Benz vehicles in the future.

The Chief Executive Officer of Mercedes-Benz has referred to Google as the “very best partner” to help them achieve their goal. Both parties are optimistic about the outcome of this strategic partnership and how it will benefit users around the world.



The European Commission bans TikTok on employees’ devices


TikTok is in trouble. Or so it seems (the understatement of the year!). Across the U.S. and the European Union, the crazy-popular short video-sharing platform is facing scrutiny and mistrust. And now, Politico reports that European Commission staff is banned from using TikTok over security concerns.

The EU Commission has now banned employees from using TikTok


Allegedly, there are ties between Chinese tech companies and the Chinese Communist Party, and the West is getting alarmed. Also, people are getting more and more concerned with the possibility that TikTok collects info from all over the world. An unnamed official told the folks at Politico that EU staff was ordered to remove TikTok from their official devices and that the app should be removed from their personal devices as well if they happen to have work-related apps on said devices (or they can delete work-related apps from their personal devices and leave TikTok).

EC employees received the information in an email sent on Thursday morning. Employees have until March 15 to remove the video-sharing app. After that deadline passes, devices with the app installed will be considered non-compliant, which was also underlined in the email.

The European Union Council and Parliament are likely to follow with a similar ban, but it may take more time for the Parliament to implement such a policy.

TikTok’s been facing similar treatments in the United States as well. In the U.S. the app got banned in December for all federal government devices – due to concerns that the app may be spying. TikTok’s parent company, ByteDance, is based in China. Also, TikTok’s CEO Shou Zi Chew is expected to testify before the U.S. Congress on March 23 – the topic of discussion: potential risks that TikTok could be to U.S. national security.




Twitter and 2 factor authentication: what’s changing?


Twitter is making radical changes to how two factor authentication works on the site. What’s happening, and when do these changes go live?

Twitter is making some dramatic shake ups to its currently available security settings. From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service.

If you use text-based 2FA, the important thing here is not to worry.

You may be under the impression that Twitter is removing your 2FA ability altogether, but this isn’t the case. There are alternatives, and they’re quite a bit more robust than the SMS approach. In fact, they’re referenced by Twitter repeatedly in the documentation regarding the removal of the text service for free Twitter users.

If you’re not sure what they are, or how they work, fear not. We’re going to walk you through the alternatives.

Changing your security approach on a deadline

If you log into Twitter at the moment, you’ll eventually be treated to a popup message which says the following:

Only Twitter Blue subscribers can use the text message two factor authentication method. It’ll just take a few minutes to remove it. You can still use the authentication app and security key methods. To avoid losing access to Twitter, remove text message two-factor authentication by Mar 19, 2023.

This move is being blamed on fraudulent bot behaviour in relation to the Twitter platform. From the above linked Twitter blog post:

While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers. The availability of text message 2FA for Twitter Blue may vary by country and carrier.

It’s not great that an additional security measure is being removed from users and placed behind a subscription. Some form of 2FA is better than nothing, and uptake for any type of 2FA is painfully low on major platforms. Even Twitter itself struggles, with just 2.6% of active accounts making use of at least one 2FA method. Out of those, 74.4% are using SMS 2FA so this removal plan could have a big impact on already tiny sign up numbers.

As Twitter is so mobile-centric and likely already has your mobile number, SMS 2FA is for many people a natural fit for the platform. It may well be that people stripped of their SMS 2FA may not bother to implement 2FA all over again with an app or hardware key. That would leave those accounts much less secure.

With this in mind, let’s take a look at the other two forms of 2FA that Twitter offers.

Twitter and 2FA: What can you use?

Authenticator apps

Apps are viewed as being more secure than text-based 2FA, but are still very convenient.

Authenticator apps work by continually generating a numerical code that you enter on the site after you’ve logged in with your username and password. If the code expires before you enter it, the app generates another one and you use that instead. The app will never run out of codes.

These codes are valid whether your phone is online or offline. Some authenticator apps will also send you a prompt to accept, to prove it is you who is logging in. If you travel a lot, this can be more convenient than relying on SMS because you may not have access to a network provider while overseas, or even some form of internet connection. With an app, it doesn’t make any difference.

Unlike text-based 2FA, authenticator apps are resistant to SIM-swap phone calls, because your codes are entirely disconnected from your carrier. Note that you can still be phished should you enter your app generated code on a phishing page.

Hardware security keys

These are dedicated USB sticks which can be tied to the websites you use, taking on the 2FA role in place of text messages, app codes, or even codes sent by email. Hardware security keys can’t be SIM swapped, and they won’t fall foul of phishing either. There’s nothing to phish. Unless the attacker can somehow physically obtain the device from your home, your wallet, your keychain, or anywhere else, they’re going to fail miserably with regard to compromising your security.

Hardware keys are very much the niche option, but if you want to reduce the risk of phishing as much as you possibly can, they’re definitely something to consider. There are models of hardware key which also work with services like password managers, so there’s a lot of options available depending on your specific security needs.

Making the change

Our next post on this subject will explain how to remove text based 2FA from your Twitter account if you have it enabled, and how to enable either app-based authentication or a hardware key instead. Some of the options and settings can be hard to find even for a pro, but we’ll cover each option in detail and you can pick the setting most relevant to your needs.

