Archive for September 5, 2014

Hey IT Nerd: Is Two-Factor Authentication Truly More Secure & Should I Use It?

Posted in Commentary with tags on September 5, 2014 by itnerd

Over the last few days, I’ve gotten a number of e-mails asking if two-factor authentication is truly more secure than just using a strong password. The answer is yes. Here’s why. When you use two or more factors of authentication, the user is required to present any of the following to access the resource in question:

  • Something only the user knows. For example, a password.
  • Something only the user has. For example, a phone.
  • Something only the user is. For example, a fingerprint.

Because multiple factors are involved, it is far less likely for a cyber-criminal for example to break into an online resource that uses two or more factors of authentication. For example, Apple’s two-factor authentication system requires you to enter your password and then enter a PIN number that is sent to a trusted device such as an iPhone that is under your control and you can choose which one the PIN goes to if you have multiple devices. Thus in this scenario, a cyber-criminal would have to not only know your password, but they would also have to have physical access to your iPhone to get access to Apple resources that use this authentication system. That effectively stops brute force and social engineering attacks like the ones that led to those nude pics of celebrities being leaked.

The other question is should you use it. The answer is YES! And I am not only talking about using it for Apple products. Google, Dropbox, Microsoft. PayPal, Facebook, Yahoo, and Linked In off the top of my head have two-factor authentication systems. Hopefully, more companies adopt systems like these. Now I do understand that setting and using two-factor authentication systems can be daunting for some users. But I would strongly suggest that you turn them on and use them to secure your digital life. The simple reason is that this past week has proved that having a password, even a strong one, isn’t good enough anymore.

 

 

 

Leave a comment »

Canadian Gov’t Sued For $1.2 BILLION Over Mobilicity Fiasco

Posted in Commentary with tags , on September 5, 2014 by itnerd

This was a plot twist that I didn’t see coming.

The Globe And Mail is reporting that Quadangle which is a private equity firm is suing the Canadian Government for $1.2 billion dollars. The reason for the suit is as follows:

A statement of claim filed with the Ontario Superior Court of Justice on Thursday alleges that in 2006, representatives from Industry Canada approached John Bitove, a Canadian businessman known for his development of satellite radio provider Sirius XM Canada, and encouraged him to invest in a new wireless company.

Mr. Bitove and his partners invested hundreds of millions of dollars in buying spectrum licences in the 2008 auction for the airwaves used for cellular services and built out a network in large urban centres in Ontario, B.C. and Alberta.

The crux of the claim is that the government made assurances that it would create market conditions that would allow new entrants to establish themselves and that any investment made would not be lost as the spectrum licences could be transferred to one of the country’s dominant three wireless players after five years.

However, the government has since blocked several attempts by Mobilicity, the company Mr. Bitove ultimately founded, to sell its airwaves to Telus Corp., one of the Big Three.

“Having caused the plaintiffs to lose substantially all of their investment, Industry Canada broke its final promise by refusing to allow the sale of the business after five years,” Quadrangle said in the statement of claim.

Keep in mind that Mobilicity has been fighting to stay alive for the last little while and Industry Canada has stopped multiple takeover attempts from Telus. Thus its future is very much in limbo. Another thing to keep in mind: A lawsuit like this isn’t going to make a big foreign telco want to come and set up shop here in Canada. Thus the Canadian Government may want to fix that impression and fix it quickly so that it can deliver on it’s promise of more choice, lower prices, and better service. In the meantime, I hope that the Canadian Government has a great suite of lawyers.

Leave a comment »

Apple To Better Secure Your iCloud Account

Posted in Commentary with tags , , on September 5, 2014 by itnerd

The last thing that Tim Cook needed on the eve of the launch of the iPhone 6 and iWatch…. Assuming those rumors are true of course….. was having to defend his company against claims that the iCloud lacks security because a bunch of celebrities had their nudie pics leaked. But that’s exactly what the CEO of Apple is doing in the Wall Street Journal. Here’s what Cook plans to do to make sure that this never happens again:

To make such leaks less likely, Mr. Cook said Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for or restoring iCloud data.

According to the article, you should see this in a couple of weeks. If you get one of these alerts, you can either change the password to retake the account or alert Apple’s security team. That sounds great on paper. I’ll wait until it appears and I’ll let you know how good it is.

Other thing that Apple plans to do include:

  • Broaden the use of two-factor authentication to also cover access to iCloud accounts from mobile devices like iPad and iPhone.
  • Aggressively getting its users to turn on two-factor authentication. The reason being according to Cook that had the celebrities been using two-factor verification, the hackers would not have been able to guess their security questions.

Tim Cook Also said this:

When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” he said. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.

Translation: Apple has to tell users to take better responsibility for their digital lives. That’s an interesting tactic. But it’s cold comfort to those who have had their nudie pics leaked to the web.

 

Leave a comment »