Krebs on Security

How 1-Time Passcodes Became a Corporate Liability

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer ...
Bleeping Computer

Okta one-time MFA passcodes exposed in Twilio cyberattack

The threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS from customers of Okta identity and access management company. Okta provides its ...
Forbes

Under The Microscope: The Risks Of One-Time Passwords' Vulnerabilities

Mike Wilson is the Founder & CTO of Enzoic, a cybersecurity company that helps prevent account takeover of employee and customer accounts. Threat actors continue to target passwords, with the 2024 ...
Hosted on MSN

Death to one-time text codes: Passkeys are the new hotness in MFA

Whether you're logging into your bank, health insurance, or even your email, most services today do not live by passwords alone. Now commonplace, multifactor authentication (MFA) requires users to ...
Krebs on Security

Owners of 1-Time Passcode Theft Service Plead Guilty

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes ...
TechSpot

Whistleblower warning: 2FA codes sent via SMS are trivially easy to intercept

Weak Link: Two-factor authentication is designed to harden device security and make unauthorized access even trickier for bad actors. In the imperfect world we live in, however, there's almost always ...
The Cornell Daily Sun

Cornell to Discontinue Duo Phone Call, SMS Passcode: App, Key or Token Required Beginning On Tuesday

The University will retire the Duo Phone Call and SMS Passcode log-in methods for students beginning Tuesday, according to an Oct. 2 email to members of the Cornell community from Robert Edamala, ...