Archive for January 9, 2022

Salesforce To Require MFA For All Users Starting February 1st

Posted in Commentary with tags on January 9, 2022 by itnerd

Salesforce has announced that it is adopting multi-factor authentication (A.K.A. MFA) for all users starting on February 1st. Thus companies that use Salesforce will have to enable a form of MFA for their accounts or see employees cut off from accessing the platform. Here’s the list of acceptable forms of MFA:

  • Salesforce Authenticator mobile app (available on the Apple App Store or Google Play Store)
  • Time-based one-time passcode (TOTP) authenticator apps, like Google Authenticator, Microsoft Authenticator, or Authy.
  • Security keys that support WebAuthn or U2F, such as Yubico’s YubiKey or Google’s Titan.
  • Built-in authenticators, such as Apple’s Touch ID and Face ID, or Windows Hello.

This is a good move by Salesforce as it will ensure that any data on the platform is secure. The company’s decision was initially announced last March, and most customers had been notified about the new requirement since at least February 2021 so they’d have time to prepare. So if you’re a Salesforce admin and you haven’t rolled out MFA yet, you need to do it ASAP.

Pro Tip: You can set up multiple forms of MFA. I would do that to ensure that you are never locked out of your account.

Norton 360 Installs A Crypto Miner When You Install The Product…. WTF??

Posted in Commentary with tags on January 9, 2022 by itnerd

Norton 360, one of the most popular antivirus products on the market today, has been caught installing a cryptocurrency mining program on its customers’ computers reports security researcher Brian Krebs:

Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?”

So the product installs a crypto miner and takes a commission? That’s beyond low. An antivirus program should be trying to find and kill crypto miners. Not install them. And the fact that it is opt-in is irrelevant. Norton should be ashamed. The best way to deal with this is for everyone not to ever by another Norton product as that will send a strong message that this is unacceptable.