{"id":2024,"date":"2013-06-06T10:00:56","date_gmt":"2013-06-06T14:00:56","guid":{"rendered":"http:\/\/www.kaspersky.co.in\/blog\/?p=2024"},"modified":"2020-02-26T20:26:44","modified_gmt":"2020-02-26T14:56:44","slug":"evernote-linkedin-two-factor-authentication","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/evernote-linkedin-two-factor-authentication\/2024\/","title":{"rendered":"Evernote and LinkedIn Join Two-Factor Party"},"content":{"rendered":"<p>Another day, another online service adds two-factor authentication to its list of features. <a href=\"https:\/\/threatpost.com\/evernote-introduces-two-factor-authentication-for-paid-users\/\" target=\"_blank\" rel=\"noopener nofollow\">This time it was Evernote<\/a>, the cloud-based note-taking service that hackers managed <a href=\"https:\/\/threatpost.com\/evernote-compromised-says-no-user-data-affected-030313\/\" target=\"_blank\" rel=\"noopener nofollow\">to compromise<\/a> and <a href=\"https:\/\/threatpost.com\/cybercriminals-use-evernote-cc-032813\/\" target=\"_blank\" rel=\"noopener nofollow\">use as a command and control server<\/a> on two separate occasions in March.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2013\/06\/05095515\/evernote_title.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2025 aligncenter\" alt=\"evernote_title\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2013\/06\/05095515\/evernote_title.jpg\" width=\"640\" height=\"420\"><\/a><\/p>\n<p><a href=\"https:\/\/threatpost.com\/web-services-finding-religion-with-two-factor-authentication\/\" target=\"_blank\" rel=\"noopener nofollow\">So in vogue is two-factor authentication<\/a> that while I was writing this very report, which was supposed to be about Evernote, LinkedIn implemented its own two-factor authentication, and I now I\u2019m covering that as well.<\/p>\n<p>Unfortunately, two-factor authentication is sort of old news at this point. Gmail implemented its two-factor feature in September of 2010. We were writing articles about two-factor at Threatpost almost four years ago, when security experts heralded the concept of multi-step logins. You should still use two-factor to protect sensitive accounts when you can, but it is more widely seen as <a href=\"https:\/\/threatpost.com\/two-factor-authentication-no-cure-all-for-twitter-security-woes\/\" target=\"_blank\" rel=\"noopener nofollow\">another roadblock for hackers<\/a> than it is as the account takeover panacea.<\/p>\n<div class=\"pullquote\">You should still use two-factor to protect sensitive accounts when you can, but it is more widely seen as another roadblock for hackers than it is as the account takeover panacea.<\/div>\n<p>It seems though that <a href=\"https:\/\/www.kaspersky.co.in\/blog\/good-news-and-bad-news-as-apple-adds-two-factor-authentication\/\" target=\"_blank\" rel=\"noopener\">Apple\u2019s<\/a> and <a href=\"https:\/\/www.kaspersky.co.in\/blog\/twitter-improves-hack-protection\/\" target=\"_blank\" rel=\"noopener\">Twitter\u2019s<\/a> wildly belated decisions to implements their own two-step login features may have been the catalysts driving this second wave of two-factor new-comers. This is a good thing. There is very little reason not to offer the two-factor option.<\/p>\n<p>Evernote\u2019s plan stands out because they\u2019re rolling the feature out in waves, first to paying premium customers, then to everyone else. Beyond that, LinkedIn and Evernote\u2019s two-factor systems are nearly identical to those implemented by your bank or Google almost three years ago: if enabled, users are required to enter a second verification code (in addition to their login-password combo) when they log in. For the most part, these systems rely on sending the codes via SMS or mobile code generator applications like Google Authenticator or the code generator built into the Facebook mobile app.<\/p>\n<p>Unfortunately, hackers have been circumventing SMS PINs for some time, most notably in <a href=\"https:\/\/www.kaspersky.co.in\/blog\/man-in-the-middle-attack\/\" target=\"_blank\" rel=\"noopener\">man-in-the-middle attacks<\/a> on mobile devices.<\/p>\n<p>Two-factor is the best you can do right now with a lot of your popular online services, but there is a serious race to replace passwords going on right now, and it involves everybody from Google to the United States Department of Defense. <a href=\"https:\/\/threatpost.com\/former-darpa-head-proposes-pills-and-tattoos-to-replace-passwords\/\" target=\"_blank\" rel=\"noopener nofollow\">It\u2019s only a matter of time before we are all getting authenticator tattoos or eating pills in order to sign into our email accounts<\/a>.<\/p>\n<p>In the meantime, you should go ahead and implement that two-factor authentication for any online account that you don\u2019t want compromised. Between the two-factor and your strong passwords, you can pretty safely assume that you won\u2019t be the slowest gazelle on the savannah, which is a solid deterrent to the cybercriminals that prefer to prey on the lowest common denominator.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Another day, another online service adds two-factor authentication to its list of features. This time it was Evernote, the cloud-based note-taking service that hackers managed to compromise and use as<\/p>\n","protected":false},"author":42,"featured_media":2026,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[189,82,344],"class_list":{"0":"post-2024","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-data-security","9":"tag-hacking","10":"tag-online-protection"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/evernote-linkedin-two-factor-authentication\/2024\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/evernote-linkedin-two-factor-authentication\/2024\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/evernote-linkedin-two-factor-authentication\/2024\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/evernote-linkedin-two-factor-authentication\/2024\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/evernote-linkedin-two-factor-authentication\/2024\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/evernote-linkedin-two-factor-authentication\/913\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/evernote-linkedin-two-factor-authentication\/2024\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/evernote-linkedin-two-factor-authentication\/2024\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/data-security\/","name":"data security"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/2024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=2024"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/2024\/revisions"}],"predecessor-version":[{"id":18809,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/2024\/revisions\/18809"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/2026"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=2024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=2024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=2024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}