"Traditional two-factor authentication protocols require a shared secret between the user and the service. A weakness of these protocols is that the shared secret can be compromised if the server is compromised," explains Twitter security engineer Alex Smolen. "We chose a design that is resilient to a compromise of the server-side data’s confidentiality: Twitter doesn’t persistently store secrets, and the private key material needed for approving login requests never leaves your phone."
"Also, our updated login verification feature provides additional information about the request to help you determine if the login request you see is the one you’re making," he points out.
The only thing you need to use this new solution is the newest version of the Twitter app for iOS (v5.9) or Android (v4.1.4). As with the previous solution, the feature can be turned on in the Settings.
Once you choose to do so, you will be first urged to store a generated backup code in a safe place so that you can access your account even if your phone has been stolen, lost, or is broken.
From that moment on, you will be using the Twitter app to approve requests each time you sign in to with your login credentials.
"When you enroll, your phone generates an asymmetric 2048-bit RSA keypair, which stores the private key locally on the device and sends the public key, which Twitter stores as part of your user object in our backend store, to the server," Smolen describes the login verification process.
"Whenever you initiate a login request by sending your username and password, Twitter will generate a challenge and request ID –– each of which is a 190-bit (32 alphanumerics) random nonce –– and store them in memcached. The request ID nonce is returned to the browser or client attempting to authenticate, and then a push notification is sent to your phone, letting you know you have a login verification request."
You can then review the request, which contains details such as the time when the request was made, the geolocation from which it was made, the browser that was used, and the login request’s challenge nonce, you can either approve or deny it.
"If you approve the request, the client will use its private key to respond by signing the challenge. If the signature is correct,Extend the power on your iphone 5 back cover juice pack. the login request will be marked as verified. In the meantime, the original browser will poll the server with the request ID nonce.Protect and connect your Samsung smartphone with samsung cases. When the request is verified, the polling will return a session token and the user will be signed in," Smolen concludes.
Login verification with the previously mentioned backup code is also well thought out, so that potential attackers targeting Twitter servers can't generate one even if the access the data (more details and a helpful animated GIF that explains this verification process can be found here).
Finally, there will be some Twitter clients that will initially not support the new login verification directly, and for them you can generate temporary passwords via your Password Settings.
This new approach would definitely make breaches such as the one suffered by the company earlier this year less damaging, as decrypting the stored hashes would not get the attackers the login information they need to hijack users' accounts.
To keep pace with the continually evolving family of Microsoft products, Skillsoft offers a complete portfolio of multi-modal e-learning solutions to help IT professionals stay abreast of product enhancements, new applications and prepare for certification exams. The Microsoft training portfolio includes courseware, videos, books, practice labs, mentoring, test preparation and virtual classroom experiences that address the most popular Microsoft platforms and applications like Windows Server, SQL Server, SharePoint,Series cases for iphone 5 protects against drops and dust. Windows 8 and the Office 2013 application suite, among others. Skillsoft is a pioneer in the field of technology-delivered learning with a long history of innovation and delivering solutions for its customers worldwide, ranging from global enterprises, government, and education to mid-sized and small businesses.
“The IT landscape is constantly evolving with new applications and enhanced versions of existing applications being introduced at a rapid pace.Explore the benefits of having a fully managed dedicated server as your platform. Microsoft applications are core to the vast majority of businesses,Fun sell a huge range of Cases for iPad 4, and IT professionals need to keep their skills sharp to take advantage of the latest improvements,” said Priti Shah, director of product management, Skillsoft. “At Skillsoft, we strive to offer the most comprehensive breadth and depth of content delivered in a variety of flexible formats so learners can access the materials at a time and place that fits into their busy schedules. We’re proud to offer resources that allow technical professionals to stay ahead of the curve and look forward to expanding our Microsoft portfolio with new content in the coming months.”
Microsoft training content is available in a variety of learning formats. Courses cover a wide range of topics including backup and recovery administration for Windows Server 2012, installing and upgrading SQL Server 2012, formatting data in Excel 2013 and many more. Skillsoft’s IT and Desktop Videos are captivating, 3-5 minutes of targeted learning covering a variety of desktop and IT skills. Microsoft videos teach learners how to manage files on Windows 8, how to optimise databases with Microsoft Access, how to create charts from Excel data and more. Skillsoft’s Live Learning provides expert-led virtual classroom training, bringing the benefits of instructor-led training to the desktop. Microsoft Live Learning classes include Configuring Windows 8, Installing and Configuring Windows Server 2012 and Administering Windows Server 2012. Skillsoft’s Books24x7 ITPro collection includes an array of titles, such as “Excel 2013 Bible,” “Professional SharePoint 2013 Development,” “Mastering Microsoft Lync Server 2013” and many others.
Read the full story at www.mileweb.com/datacenter-locations.
留言列表
