Hackers find a way to bypass Gmail two-factor authentication

Macbook with Gmail

Two-factor authentification has been hailed as a significant move forward in providing online security, letting us log in with confidence to sites such as Gmail. Websites that once required an insecure password now need a complex password with a second form of authentication from a mobile device, or implement other two-factor systems. However, as with everything, two-factor authentication isn’t impervious to flaws, and a new report by Amnesty International details how hackers have been phishing two-factor codes.

Authenticating with a two-factor system is two-step, as hinted by the name, and will typically involve asking a user to enter both a password and a code, either generated by or sent to a mobile device. This secure option does indeed help to prevent hackers from accessing user accounts if they have only gained access to one factor, such as your password, if a website’s data has been breached. But, if you unknowingly give your two-factor code over to a malicious individual or site, the system has been defeated.

The Amnesty International report noted that hackers have begun to utilize an automated process that occurs by first phishing your password from a fraudulent website, then submitting the password to Gmail, triggering a two-factor text message, and finally having you submit that message into the fraudulent site.

Because some systems don’t requiring a user to re-authenticate for switching off two-factor, hackers can then quickly walk away with your account. Even without taking full control of an account, hackers can generate app-specific passwords, secondary passwords that can be used to access two-factor accounts without needing to re-authenticate each time.

Throughout 2017 and 2018, hackers targeted more than a thousand Google and Yahoo accounts across the Middle East and North Africa. When testing, Amnesty International found that its smartphone setup for testing the phishing system did indeed receive a genuine text message from Google’s server to authenticate in connection with the malicious site. The organization notes that the attacks targeted dissidents in the United Arab Emirates.

While the news is not a reason to disengage any two-factor systems you are currently employing, we still recommend switching on two-factor authentication for any websites that offer it, it is another bit of proof that no security system is impermeable.

Photography

Authentic, holistic, retro photography is in: Here are 2019’s predicted trends

What types of imagery are we most drawn to? According to recent stock photography data from Adobe, StoryBlocks, and Shutterstock, authentic, holistic, and humanitarian content will be in high demand in 2019.
Smart Home

Amazon patents a technology to help Alexa fight fake voice attacks

Amazon filed a patent this month for a new technology that looks like it would help its digital assistant Alexa fight fake voice attacks that could potentially fool Alexa's biometric security protocols.
Mobile

Having trouble logging in? Here's how to reset your Apple ID password

To use any of Apple's services, you need to have an Apple ID and know your password. Thankfully, there are ways to deal with forgotten passwords and regain access to your account. Here's how to reset your Apple ID password.
Gaming

‘Fortnite’ security flaw let hackers spy on players through microphones

A security vulnerability found in Fortnite allowed hackers to gain access to other players' accounts, potentially letting them spy on conversations using the in-game microphone. It has been addressed.
Computing

The Asus ZenBook 13 offers more value and performance than Apple's MacBook Air

The Asus ZenBook 13 UX333 is the latest in that company's excellent "budget" laptop line, and it looks and feels better than ever. How does it compare to Apple's latest MacBook Air?
Computing

AMD Radeon VII will support DLSS-like upscaling developed by Microsoft

AMD's Radeon VII has shown promise with early tests of an open DLSS-like technology developed by Microsoft called DirectML. It would provide similar upscale features, but none of the locks on hardware choice.
Computing

You could be gaming on AMD’s Navi graphics card before the end of the summer

If you're waiting for a new graphics card from AMD that doesn't cost $700, you may have to wait for Navi. But that card may not be far away, with new rumors suggesting we could see a July launch.
Computing

Is AMD's Navi back on track for 2019? Here's everything you need to know

With a reported launch in 2019, AMD is focusing on the mid-range market with its next-generation Navi GPU. Billed as a successor to Polaris, Navi promises to deliver better performance to consoles, like Sony's PlayStation 5.
Computing

Cortana wants to be friends with Alexa and Google Assistant

Microsoft no longer wants to compete against Amazon's Alexa and Google's Assistant in the digital assistant space. Instead, it wants to transform Cortana into a skill that can be integrated into other digital assistants.
Computing

Microsoft leans on A.I. to resume safe delivery of Windows 10 Update

Microsoft is leaning on artificial intelligence as it resumes the automatic rollout of the Windows 10 October 2018 Update. You should start seeing the update soon now that Microsoft has resolved problems with the initial software.
Computing

Stop dragging windows on your Mac. Here's how to use Split View to multitask

The latest iterations of MacOS offer a native Split View feature that can automatically divide screen space between two applications. Here's how to use Split View on a Mac, adjust it as needed, and how it can help out.
Computing

It's not all free money. Here's what to know before you try to mine Bitcoin

Mining Bitcoin today is harder than it used to be, but if you have enough time, money, and cheap electricity, you can still turn a profit. Here's how to get started mining Bitcoin at home and in the cloud.
Computing

Need a free alternative to Adobe Illustrator? Here are our favorites

Photoshop and other commercial tools can be expensive, but drawing software doesn't need to be. This list of the best free drawing software is just as powerful as some of the more expensive offerings.
Computing

What is fixed wireless 5G? Here’s everything you need to know

Here's fixed wireless 5G explained! Learn what you need to know about this effective new wireless technology, when it's available, how much it costs, and more. If you're thinking about 5G, this guide can help!