two-factor authentication
Coverage of two-factor authentication in the Nexus archive.
- Readers reply: Experts say we should use passkeys, but can a smartphone pin really be safer than a password?
Readers debate whether passkeys like smartphone PINs or facial recognition are safer than traditional passwords and two-factor authentication. Concerns include risks if a phone is stolen or lost, despite passkeys being unphishable and less hackable when not stored on company servers.
- Data Doctors: How to spot scam invitations
The article warns about scam invitations during events like weddings, which mimic platforms like Evite and Paperless Post to steal login credentials. The FTC advises checking sender emails, links, and avoiding entering credentials on such invitations. Victims should change passwords and enable two-factor authentication if compromised.
- Dashlane issues opaque advisory warning 20 encrypted vaults were stolen
Dashlane issued a security advisory warning that attackers stole 20 encrypted user vaults by launching a brute force attack against two-factor authentication (2FA) protections to register new devices on existing accounts. The advisory states the attack began on May 31, 2026, and a user provided a screenshot of a 2FA request notification received on Sunday.
- Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Password manager Dashlane disclosed that fewer than 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack. An external threat actor launched the attack on May 31, 2026, targeting accounts to break two-factor authentication (2FA).
- Password manager Dashlane suspends customer accounts amid brute-force attacks
Password manager Dashlane suspended customer accounts following brute-force attacks, which began on Sunday and led to unauthorized login attempts from Korea and Russia. The company restored accounts after investigating the incident but later changed the status to 'monitoring.' Dashlane confirmed no internal systems were compromised, though users criticized the lack of public communication and faced issues with two-factor authentication.
- Your senior parents are easier to impersonate than you are
Americans 60 and older filed 201,266 complaints with the FBI's Internet Crime Complaint Center in 2025, reporting $7.7 billion in losses, the highest of any age group. Scammers exploit outdated verification methods like date of birth and Social Security numbers, while AI voice cloning enables fraudulent phone calls. The article recommends steps like credit freezes and two-factor authentication to protect seniors.
- Are bank text codes enough to protect you?
Text or email codes for bank security are better than passwords alone but are not the strongest options due to risks like SIM swap scams. Experts recommend using authenticator apps for stronger two-factor authentication (2FA) to protect accounts from scammers intercepting codes.
- npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has introduced staged publishing on npm, requiring maintainers to approve package releases via two-factor authentication (2FA) to enhance software supply chain security. This feature aims to prevent unauthorized or malicious package distributions by mandating human verification before public installation.
- Hackers Used AI to Build a Zero-Day Exploit That Bypasses Two-Factor Authentication: Google
Hackers used an AI model to discover and exploit a previously unknown software flaw, bypassing two-factor authentication, as confirmed by Google's threat team. This zero-day exploit was used by cybercriminals. The incident highlights the growing concern of AI-powered attacks.
- Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
Attackers are exploiting device code phishing by leveraging a service's legitimate new-device login flow to trick victims into granting account access. This method bypasses traditional two-factor authentication (2FA) by mimicking authorized login processes.
- Two-Factor Authentication Breaks Free from the Desktop
The article discusses how threat actors bypass security systems in non-traditional IT environments, emphasizing the need for two-factor authentication (2FA) as an added security layer in physical settings. It highlights 2FA's potential to counteract vulnerabilities outside standard digital defenses.
- New FBI warning reveals phishing attacks hitting private chats
The FBI and CISA warn that Russian intelligence-linked actors are conducting large-scale phishing campaigns targeting encrypted messaging apps like WhatsApp, Signal, and Telegram. Attackers exploit human error rather than breaking encryption, compromising accounts by tricking users into revealing login credentials, enabling impersonation and data breaches.