Tuesday, 10 September 2019

What does Multi-Factor Authentication / Two-Factor Authentication

Two-Factor Authentication


Two-factor authentication is a system that provides extra security to your account by forcing you to
prove you are who you say you are when you attempt to access an account.

The most common form of two-factor authentication is to via text message. The process works like this :


    .
  1. You log into a website to do some shopping.
  2. The website asks you to prove who you are,
  3. You receive a text message on your phone with a code
  4. You type that code into the website and continue shopping

.
You can also verify via email, or even have a system call you on a land line with the passcode.

The point of two factor authentication is to make it harder for someone to illegally make purchases or
check your email or other nefarious tasks. If someone has stolen your username and password, they
still can't access your account until they enter a code sent to your email address or cell phone.

You can typically tell a website "This is a personal computer I use all the time" which keeps you from
having to verify all the time, but there are some caveats to this.

If it is a portable device, DO NOT DO THIS. 
If it is NOT password protected, DO NOT DO THIS.  If it is a device that is used by visitors (like small children), DO NOT DO THIS. 

The point of two-factor authentication is to protect you.  If you circumvent these protections, you are making yourself less secure.

Two-Factor Authentication


Two-factor authentication is a system that provides extra security to your account by forcing you to
prove you are who you say you are when you attempt to access an account.

The most common form of two-factor authentication is to via text message. The process works like this :


    .
  1. You log into a website to do some shopping.
  2. The website asks you to prove who you are,
  3. You receive a text message on your phone with a code
  4. You type that code into the website and continue shopping

.
You can also verify via email, or even have a system call you on a land line with the passcode.

The point of two factor authentication is to make it harder for someone to illegally make purchases or
check your email or other nefarious tasks. If someone has stolen your username and password, they
still can't access your account until they enter a code sent to your email address or cell phone.

You can typically tell a website "This is a personal computer I use all the time" which keeps you from
having to verify all the time, but there are some caveats to this.

If it is a portable device, DO NOT DO THIS. 
If it is NOT password protected, DO NOT DO THIS.  If it is a device that is used by visitors (like small children), DO NOT DO THIS. 

The point of two-factor authentication is to protect you.  If you circumvent these protections, you are making yourself less secure.

Saturday, 10 September 2016

What Precautions Should I Take on Social Networking Sites?

What Precautions Should I Take on Social Networking Sites?

Below are some helpful tips regarding security and privacy while using social networking sites:

  • Ensure that any computer you use to connect to a social media site has proper security measures in place. Use and maintain anti-virus software, anti-spyware software, and a firewall and keep these applications and operating system patched and up-to-date.

  • Be cautious when clicking on links. If a link seems suspicious, or too good to be true, do not click on it...even if the link is on your most trusted friend's page. Your friend's account may have been hijacked or infected and now be spreading malware.

  • If you are going to request that your account be deleted, first remove all of the data. Request that the account be deleted, rather than deactivated.

  • Type the address of your social networking site directly into your browser or use your personal bookmarks. If you click a link to your site through email or another website, you might be entering your account name and password into a fake site where your personal information could be stolen

  • Be cautious about installing applications. Some social networking sites provide the ability to add or install third party applications, such as games. Keep in mind there is sometimes little or no quality control or review of these applications and they may have full access to your account and the data you share. Malicious applications can use this access to interact with your friends on your behalf and to steal and misuse personal data. Only install applications that come from trusted, well-known sites. If you are no longer using the app, remove it. Also, please note that installing some applications may modify your security and privacy settings.

  • Use strong and unique passwords. Using the same password on all accounts increases the vulnerability of these accounts if one becomes compromised. Use different passwords for different accounts, and do not use a password you use to access your organizations network on any personal sites you access.

  • Be careful whom you add as a “friend,” or what groups or pages you join. The more “friends” you have or groups/pages you join, the more people who have access to your information.

  • Do not assume privacy on a social networking site. For both business and personal use, confidential information should not be shared. You should only post information you are comfortable disclosing to a complete stranger.

  • Use discretion before posting information or comments. Once information is posted online, it can potentially be viewed by anyone and may not be able to be retracted afterwards. Keep in mind that content or communications on government-related social networking pages may be considered public records.

  • When posting pictures, delete the meta data, which includes the date and time of the picture.

  • Do not announce that you are on vacation or away for an extended period of time.

  • Configure privacy settings to allow only those people you trust to have access to the information you post, and your profile. Also, restrict the ability for others to post information to your page. The default settings for some sites may allow anyone to see your information or post information to your page.


  • Review a site’s privacy policy. Some sites may share information, such as email addresses or user preferences, with other parties. If a site’s privacy policy is vague or does not properly protect your information, do not use the site.
What Precautions Should I Take on Social Networking Sites?

Below are some helpful tips regarding security and privacy while using social networking sites:

  • Ensure that any computer you use to connect to a social media site has proper security measures in place. Use and maintain anti-virus software, anti-spyware software, and a firewall and keep these applications and operating system patched and up-to-date.

  • Be cautious when clicking on links. If a link seems suspicious, or too good to be true, do not click on it...even if the link is on your most trusted friend's page. Your friend's account may have been hijacked or infected and now be spreading malware.

  • If you are going to request that your account be deleted, first remove all of the data. Request that the account be deleted, rather than deactivated.

  • Type the address of your social networking site directly into your browser or use your personal bookmarks. If you click a link to your site through email or another website, you might be entering your account name and password into a fake site where your personal information could be stolen

  • Be cautious about installing applications. Some social networking sites provide the ability to add or install third party applications, such as games. Keep in mind there is sometimes little or no quality control or review of these applications and they may have full access to your account and the data you share. Malicious applications can use this access to interact with your friends on your behalf and to steal and misuse personal data. Only install applications that come from trusted, well-known sites. If you are no longer using the app, remove it. Also, please note that installing some applications may modify your security and privacy settings.

  • Use strong and unique passwords. Using the same password on all accounts increases the vulnerability of these accounts if one becomes compromised. Use different passwords for different accounts, and do not use a password you use to access your organizations network on any personal sites you access.

  • Be careful whom you add as a “friend,” or what groups or pages you join. The more “friends” you have or groups/pages you join, the more people who have access to your information.

  • Do not assume privacy on a social networking site. For both business and personal use, confidential information should not be shared. You should only post information you are comfortable disclosing to a complete stranger.

  • Use discretion before posting information or comments. Once information is posted online, it can potentially be viewed by anyone and may not be able to be retracted afterwards. Keep in mind that content or communications on government-related social networking pages may be considered public records.

  • When posting pictures, delete the meta data, which includes the date and time of the picture.

  • Do not announce that you are on vacation or away for an extended period of time.

  • Configure privacy settings to allow only those people you trust to have access to the information you post, and your profile. Also, restrict the ability for others to post information to your page. The default settings for some sites may allow anyone to see your information or post information to your page.


  • Review a site’s privacy policy. Some sites may share information, such as email addresses or user preferences, with other parties. If a site’s privacy policy is vague or does not properly protect your information, do not use the site.

Windows 7 keyboard Shortcuts

Top 20 shortcuts for taming your windows Becky Waring 

Managing windows is probably one of the most fertile areas for keyboard shortcuts because otherwise, you manipulate them solely with the mouse. Here's my top-20 list of must-know shortcuts for taming your windows; you'll never have to move your hands from the keyboard. For completeness, I've included many keyboard shortcuts you might already be familiar with; skip down the list to see the ones you don't know.
Switch between open windows 
Alt + Tab 
Minimize/restore all but the active window 
Windows key + Home 
Minimize all windows 
Windows key + M 
Maximize window 
Windows key + up-arrow 
Minimize/restore window 
Windows key + down-arrow 
Make all windows transparent so you can see the desktop 
Windows key + spacebar 
Dock window to left or right half of screen 
Windows key + left- or right-arrow 
Zoom in/out
  (In the default view, you must zoom in before zooming out.) 
Windows key + plus/minus sign 
Lock screen 
Windows key + L 
Open Run dialog 
Windows key + R 
Open Search box 
Windows key + F 
Open Windows Explorer to computer 
Windows key + E 
Expand Folders view in Win Explorer to show where you are 
Control + Shift + E 
Go up a level in Windows Explorer 
Alt + up-arrow 
Choose display mode/switch monitors
  (Especially useful for presenters or dual-monitor users) 
Windows key + P 
Launch apps pinned to the Taskbar
  (1 is the left-most app; Windows Key+T cycles through all apps.) 
Windows key + (number 1-9) 
Cycle through Gadgets 
Windows key + G 
Rotate a picture clockwise
  (Or use comma for counterclockwise) 
Control + period 
Use Control-click to select the pictures in a folder you need to rotate, then rotate them all at once. 
Turn Sticky Keys on and off 
Press Shift five times 
Although keyboard shortcuts can be real time-savers, sometimes it's hard to press multiple keys at once, (especially while you're eating a sandwich or holding your phone in one hand). The Windows Sticky Keys feature lets you press one key at a time as you enter a shortcut. You can turn on Sticky Keys permanently by using the Control Panel's Ease of Access Center options. 
Turn Mouse Keys on and off 
Left-Alt + Left-Shift + Num Lock 
The Windows Mouse Keys feature is a really useful shortcut that lets you control the cursor with the arrow keys on your numeric keypad. Like Sticky Keys, it can be turned on permanently in the Control Panel's Ease of Access Center, but you can also invoke it at any time by pressing this key combination. This gesture turns you into a true keyboard jockey.
Note that both Sticky Keys and Mouse Keys display a warning message when you turn them on and off. You can disable the warning boxes in the Control Panel's Ease of Access Center by choosing Set up Mouse Keys or Set up Sticky Keys. This list is just a sample of the dozens of shortcuts available. 
Top 20 shortcuts for taming your windows Becky Waring 

Managing windows is probably one of the most fertile areas for keyboard shortcuts because otherwise, you manipulate them solely with the mouse. Here's my top-20 list of must-know shortcuts for taming your windows; you'll never have to move your hands from the keyboard. For completeness, I've included many keyboard shortcuts you might already be familiar with; skip down the list to see the ones you don't know.
Switch between open windows 
Alt + Tab 
Minimize/restore all but the active window 
Windows key + Home 
Minimize all windows 
Windows key + M 
Maximize window 
Windows key + up-arrow 
Minimize/restore window 
Windows key + down-arrow 
Make all windows transparent so you can see the desktop 
Windows key + spacebar 
Dock window to left or right half of screen 
Windows key + left- or right-arrow 
Zoom in/out
  (In the default view, you must zoom in before zooming out.) 
Windows key + plus/minus sign 
Lock screen 
Windows key + L 
Open Run dialog 
Windows key + R 
Open Search box 
Windows key + F 
Open Windows Explorer to computer 
Windows key + E 
Expand Folders view in Win Explorer to show where you are 
Control + Shift + E 
Go up a level in Windows Explorer 
Alt + up-arrow 
Choose display mode/switch monitors
  (Especially useful for presenters or dual-monitor users) 
Windows key + P 
Launch apps pinned to the Taskbar
  (1 is the left-most app; Windows Key+T cycles through all apps.) 
Windows key + (number 1-9) 
Cycle through Gadgets 
Windows key + G 
Rotate a picture clockwise
  (Or use comma for counterclockwise) 
Control + period 
Use Control-click to select the pictures in a folder you need to rotate, then rotate them all at once. 
Turn Sticky Keys on and off 
Press Shift five times 
Although keyboard shortcuts can be real time-savers, sometimes it's hard to press multiple keys at once, (especially while you're eating a sandwich or holding your phone in one hand). The Windows Sticky Keys feature lets you press one key at a time as you enter a shortcut. You can turn on Sticky Keys permanently by using the Control Panel's Ease of Access Center options. 
Turn Mouse Keys on and off 
Left-Alt + Left-Shift + Num Lock 
The Windows Mouse Keys feature is a really useful shortcut that lets you control the cursor with the arrow keys on your numeric keypad. Like Sticky Keys, it can be turned on permanently in the Control Panel's Ease of Access Center, but you can also invoke it at any time by pressing this key combination. This gesture turns you into a true keyboard jockey.
Note that both Sticky Keys and Mouse Keys display a warning message when you turn them on and off. You can disable the warning boxes in the Control Panel's Ease of Access Center by choosing Set up Mouse Keys or Set up Sticky Keys. This list is just a sample of the dozens of shortcuts available. 

How To Use Any Sim Card In Ptcl Evo Wingle-Best Trick

How To Use Any Sim Card In Ptcl Evo Wingle-Best Trick


Hello every body how are you.Here i will tell you how this is possible you can use ptcl evo wingle with any sim card like zong,telenor,jazz,warid and ufone. Before telling you about this trick i want to  tell you about my struggle to achieved this trick .Two month before my friend told me that he has a ptcl evo wingl 9.3 Mbps and there is sim slot in his ptcl evo wingle so he tell me what is the reason for that sim slot.then i research from the internet about this sim slot after visiting some websites i got it that this sim slot for 3g enable sim.when i tell my friend to about that he insert his telenor 3g enable sim in his ptcl evo wingle but in vain.there is no connectivity option so then again we search from internet to unlock ptcl evo wingle for any network sim.it is a time consume research but one day i got it idea from a web so i will share this trick with you .you can unlock ptcl evo wingle for any network sim card Click here and see all process

How To Use Any Sim Card In Ptcl Evo Wingle-Best Trick


Hello every body how are you.Here i will tell you how this is possible you can use ptcl evo wingle with any sim card like zong,telenor,jazz,warid and ufone. Before telling you about this trick i want to  tell you about my struggle to achieved this trick .Two month before my friend told me that he has a ptcl evo wingl 9.3 Mbps and there is sim slot in his ptcl evo wingle so he tell me what is the reason for that sim slot.then i research from the internet about this sim slot after visiting some websites i got it that this sim slot for 3g enable sim.when i tell my friend to about that he insert his telenor 3g enable sim in his ptcl evo wingle but in vain.there is no connectivity option so then again we search from internet to unlock ptcl evo wingle for any network sim.it is a time consume research but one day i got it idea from a web so i will share this trick with you .you can unlock ptcl evo wingle for any network sim card Click here and see all process

Friday, 9 September 2016

SMS for 2-Factor Authentication can be compromised

2-AF bypass

Earlier this year in May 2016, the National Institute of Standards and Technology (NIST) published a guideline recommending the depreciation of SMS authentication as the second factor for strong authentication. NIST has recommended other forms of two-factor such as time-base one-time passwords generated by mobile apps — over text messaging.

In SMS-based two-factor authentication (2FA), a user must confirm the intended login or transaction by entering an OTP sent to their mobile phone — typically, a four- to eight-digit numerical code. This authentication method was once believed to protect against man-in-the-middle (MitM) attacks until security professionals realized that text messages can be intercepted by fraudsters easily.

If a mobile phone is compromised due to some malware, a fraudster can command the malware to monitor text messages, including OTPs, mobile SIM swaps, SIM clones, number porting attacks, fake caller ID and call forwarding scams which are operated by customer service representatives.

But 2FA has a major problem with also phones which have not been corrupted. Since encryption is not applied to short message transmission by default, messages could be intercepted and snooped during transmission, even if the receiving device wasn’t infected by malware. Moreover, SMS are stored in plaintext by short message service center (SMSC) before they are successfully delivered to the intended recipient. These messages can be seen by anyone in SMSC and there are spying programs too like FlexiSpy which enable intruders to automatically record all incoming and outgoing SMS messages and then upload the logs to a remote server for later viewing and analysis.

This method will fool a decent percentage of users who have enabled text messages as a form of two-factor authentication. Certainly, text messaging isn’t the strongest form of 2-factor authentication, but it is better than allowing a login with nothing more than a username and password, as this scam illustrates. For this reason, most companies haven’t urgently migrated to other authentication methods.

Other safer options like push-to-approve to biometrics, such as fingerprint scans, retina scans or even voice recognition will take time. Google recently went a step further by debuting a new “push” authentication system that generates a prompt on the user’s mobile device that users need to tap to approve login requests.

But presently, the need of the hour is that websites should make user-friendly password policies and put the burden on verifier. It’s important that the users are not asked every time to improve their security by changing the passwords frequently because they are not improving it.
2-AF bypass

Earlier this year in May 2016, the National Institute of Standards and Technology (NIST) published a guideline recommending the depreciation of SMS authentication as the second factor for strong authentication. NIST has recommended other forms of two-factor such as time-base one-time passwords generated by mobile apps — over text messaging.

In SMS-based two-factor authentication (2FA), a user must confirm the intended login or transaction by entering an OTP sent to their mobile phone — typically, a four- to eight-digit numerical code. This authentication method was once believed to protect against man-in-the-middle (MitM) attacks until security professionals realized that text messages can be intercepted by fraudsters easily.

If a mobile phone is compromised due to some malware, a fraudster can command the malware to monitor text messages, including OTPs, mobile SIM swaps, SIM clones, number porting attacks, fake caller ID and call forwarding scams which are operated by customer service representatives.

But 2FA has a major problem with also phones which have not been corrupted. Since encryption is not applied to short message transmission by default, messages could be intercepted and snooped during transmission, even if the receiving device wasn’t infected by malware. Moreover, SMS are stored in plaintext by short message service center (SMSC) before they are successfully delivered to the intended recipient. These messages can be seen by anyone in SMSC and there are spying programs too like FlexiSpy which enable intruders to automatically record all incoming and outgoing SMS messages and then upload the logs to a remote server for later viewing and analysis.

This method will fool a decent percentage of users who have enabled text messages as a form of two-factor authentication. Certainly, text messaging isn’t the strongest form of 2-factor authentication, but it is better than allowing a login with nothing more than a username and password, as this scam illustrates. For this reason, most companies haven’t urgently migrated to other authentication methods.

Other safer options like push-to-approve to biometrics, such as fingerprint scans, retina scans or even voice recognition will take time. Google recently went a step further by debuting a new “push” authentication system that generates a prompt on the user’s mobile device that users need to tap to approve login requests.

But presently, the need of the hour is that websites should make user-friendly password policies and put the burden on verifier. It’s important that the users are not asked every time to improve their security by changing the passwords frequently because they are not improving it.

 

Security Learner's Blog

This content is DMCA Protected.Copying or reproducing of procedure is prohibited.Do Not Copy!!