Latest news with #GoogleAuthenticator


Indian Express
2 days ago
- Business
- Indian Express
'Your data stays yours': Sridhar Ramaswamy highlights Snowflake's strong AI guardrails
'When it comes to customer data, we offer a flat guarantee to our customers: customer data is customer data. We never use that data for training any model ourselves. All of our customers can rest assured that their data, and any AI products they build on top of it, will only be used to answer questions for them,' Snowflake CEO Sridhar Ramaswamy told
At the latest edition of Snowflake Summit, Ramaswamy highlighted the company's unswerving commitment to data security and responsible AI implementation. The CEO spoke about the comprehensive measures the company is undertaking to protect customer data while enabling innovative AI capabilities.
Addressing the concerns about AI companies and their data usage practices, Ramaswamy said, 'We've built mechanisms that surface security data and alerts to our customers, including visibility into how many of their accounts are not protected with strong authentication. We take these lessons seriously and are dedicated to actively collaborating with our customers to ensure the security of their data.'
The AI data cloud company has, over time, strengthened its security posture, implementing what it describes as a 'shared destiny' model that places greater responsibility on Snowflake to proactively protect customers rather than relying solely on traditional shared responsibility frameworks.
Integral to Snowflake's enhanced security strategy is the mandatory implementation of two-factor authentication across all accounts. 'We announced that we want to make it mandatory for every account to have two-factor authentication,' Ramaswamy explained, adding that the company has also integrated modern authentication methods such as Face ID and other biometric technologies.
Brad Jones, Snowflake's chief information security officer and vice president of information security, elaborated on the company's aggressive stance on eliminating single-factor authentication entirely. 'We ultimately believe to be the most secure, we have to take away some of those legacy authentication methods from our customers to really get to that best posture for them.'
The security improvements extend beyond basic authentication. Snowflake has introduced passwordless authentication options, including passkeys, programmatic access tokens, and support for various authenticators like Google Authenticator, moving away from its traditional reliance on Duo for multi-factor authentication.
Jones shared that Snowflake has implemented the 'leak password protection' – a system that actively monitors the dark web for compromised credentials associated with Snowflake accounts. 'We're looking in the dark web for credentials, usernames and passwords that have been leaked out there through various means like info-stealing malware or other methods, and we're validating if those are active credentials that are active in a Snowflake account. We will go as far as locking that account and really asking questions later,' Jones explained.
Over the years, AI has become integral to Snowflake's platform offerings. Considering the meteoric pace of advancements in AI, Snowflake has established comprehensive governance frameworks to ensure responsible deployment. Jones said that the company recently achieved ISO 42001 certification, an AI governance standard. 'We recently got the ISO 42001 certification, which is the AI governance certification based on the ISO standard that came out. I believe we're one of the first cloud companies, if not the first kind of cloud company, to get that,' Jones noted, explaining that this required developing standard policies and processes for appropriate AI use.
Snowflake's approach to AI security uses its unified platform architecture, ensuring that existing data governance and security controls automatically extend to AI workloads. 'Because we are a single, unified platform, all of the rules that you have, whether it is for data access or data masking, work out of the box with the AI products that you create on top,' Ramaswamy explained.
'Of course, AI brings challenges like prompt injection and adversarial input. To counter that, we offer features like Cortex Guardrails to protect against malicious prompts and ensure responsible behaviour,' the CEO added.
Snowflake acknowledges that, for cybersecurity, AI presents both opportunities and challenges. 'AI, everyone sees it as a double-edged sword, right? Any company that doesn't lean into it and adopt it is going to be left behind, but you have to put strong guardrails and guidelines in place,' Jones noted.
To address AI-enhanced threats, Snowflake employs comprehensive red team testing and maintains robust detection capabilities. 'I don't believe there are any new, novel attacks that are taking place as a result of AI. It's the same things, but better and faster. So that's incumbent then on security teams to be able to react quicker,' Jones said.
The company continues to invest in advanced security capabilities, including machine learning models for detecting suspicious behaviour and enhanced visibility tools through its Trust Centre platform. 'We're never going to stop in this area; as we find things that are going to be useful for our customers that we can use internally to help them or provide directly to them, we will continue to innovate,' Jones concluded.
Bijin Jose, an Assistant Editor at Indian Express Online in New Delhi, is a technology journalist with a portfolio spanning various prestigious publications. Starting as a citizen journalist with The Times of India in 2013, he transitioned through roles at India Today Digital and The Economic Times, before finding his niche at The Indian Express. With a BA in English from Maharaja Sayajirao University, Vadodara, and an MA in English Literature, Bijin's expertise extends from crime reporting to cultural features. With a keen interest in closely covering developments in artificial intelligence, Bijin provides nuanced perspectives on its implications for society and beyond.


The Citizen
30-05-2025
- The Citizen
Travelling? Here are smartphone settings to save you from theft
Smartphones hold everything from boarding passes and hotel bookings to banking apps and personal data.
The one item that many people cannot do without when travelling abroad is their mobile phone. Heck, many cannot do without their smartphones even when not travelling. As smartphones become essential travel companions, adjusting your phone settings before departure can protect both your device and personal data.
Smartphones
Whether you're catching a flight for business or leisure, your smartphone likely holds everything from boarding passes and hotel bookings to banking apps, personal data, and photos of your loved ones to keep you company while you're away from home.
If you have a smartphone and are travelling abroad, the essential travel phone settings checklist is a must to stay safe, connected, and cost-efficient abroad. From preventing theft to avoiding data roaming charges, this simple pre-travel setup guide helps travellers secure their phones and personal information before heading overseas.
Tips when travelling
Travel exposes you to new digital threats, both physical and online. A few quick changes to your settings can save you from financial headaches, identity theft, or losing irreplaceable data.
SmartMove shared six tips on how to set up your phone for a safe, smart, and theft-proof holiday:
- Disable Control Centre access from the lock screen: Thieves often exploit quick-access settings to turn on aeroplane mode or disable data, making your phone untraceable. Prevent this by locking down your control centre from the lock screen.
- Turn off mobile data and roaming: International roaming charges can rack up fast. Disable roaming and turn off mobile data unless you're using a travel-friendly plan or SIM.
- Authenticator app instead of SMS for 2FA: Use an authenticator app instead of SMS for two-factor authentication (2FA). Text-based 2FA may not work abroad and is vulnerable to SIM-swap fraud. Apps like Google Authenticator provide safer and more reliable alternatives.
- Enable remote tracking: Features like 'Find My iPhone' or 'Find My Device' let you locate, lock, or wipe your phone remotely if it's lost or stolen.
- Back up: Ensure all important contacts, documents, and photos are backed up to the cloud or an external drive.
- Auto-connecting to public Wi-Fi: Disable automatic Wi-Fi connections to avoid insecure networks, and consider using a VPN when accessing sensitive apps.
Breaches
Tech expert Jes Johnson from SmartMove said many people pack their passports but forget to 'pack' their digital defences.
'A lot of theft and data breaches abroad are preventable. In fact, your phone is only as secure as its settings.
'Opportunistic theft is still a top threat, especially in tourist-heavy areas. A stolen phone can be wiped and sold in minutes if it's not properly secured. Disabling access to settings like airplane mode from the lock screen is one of the most overlooked but crucial steps,' Johnson said.
Hidden costs
Travellers should also take note of the hidden costs of travel, particularly around data usage. You might think you're safe just by turning your phone off or leaving it on silent, but background apps can still sync. One accidental tap and you're facing a hefty bill.
Before you board the plane, treat your phone like a second passport: protect it, secure it, and plan for what you'd do if it disappeared.


Business Mayor
14-05-2025
- Business Mayor
Tech View: Password alternatives provide better security – Honolulu Star-Advertiser
Microsoft's recent announcement that it was eliminating passwords sent ripples among computer users around the world. How can one safely secure their critical online accounts without a password?
Well, not to state the obvious, but the old username/password pair is not exactly the greatest method to secure access to an account. In fact, the move toward passwordless logins has been in the making for years. Nearly a decade ago Microsoft introduced the use of a personal identification number, or PIN, with Windows 10, and has steadily been encouraging its use over the past few years.
The Windows PIN is actually a passkey, as I discussed here a few months ago. And passkeys are one of the major alternatives to passwords in a passwordless environment. Passkeys are saved on your device and activated using existing methods including biometrics such as fingerprint or facial recognition. Macs are passkey-enabled as well. Of course, biometrics are more secure than a PIN.
In addition to accessing your computer, passkeys can be established with an extensive list of websites. A good source for that is All major vendors are certain to support passkeys in the near future.
Other passwordless alternatives include one-time passwords (referred to as OTP) delivered via authenticator apps such as Google Authenticator or Microsoft Authenticator, or one of several less popular apps, all of which include either 'authenticator' or 'auth' in their names. OTPs are also delivered via plain text or email.
The 'magic link' is another popular alternative for website login without a password. The link is emailed to the account on file, and that link is used to get access to the site.


Economic Times
22-04-2025
- Economic Times
Is my Gmail account hacked? Google 'warns' 3 billion users of security risk; check how to recover phished account
Gmail account hacked? You have seven days to act
Why passkeys are the future
Gmail attack sparks panic
Premium users can access live human support
Quick tips to secure your Gmail account
- Use a passkey associated with your device
- Utilize either Google Authenticator or Google Prompts, instead of SMS
- Add and routinely update your recovery phone number and Email
- Avoid clicking any links in unexpected emails about security alerts
- Google will never contact users directly about account security
More than 3 billion Gmail users are potentially at risk as a major phishing campaign has tricked victims through imitation of Google's security alerts. The new attack, which employs OAuth apps and a DomainKeys Identified Mail (DKIM) bypass, has made fake emails appear
confirmed the issue and is deploying updated protections. A spokesperson from the tech giant said that the new safety features will shut down the avenue for abuse once fully in
to a Forbes report, if a Gmail account has been compromised and the attacker has changed password and recovery methods, the legitimate user still has seven days to reverse them. Reportedly, the recovery can be done via original recovery phone number or email—if they were previously set
Ross Richendrfer was quoted in the Forbes report stating that users can always enable phishing-resistant technologies like passkeys and security keys. He also urged the users to keep their recovery information updated at regular
the tech giant has issued a stern warning against relying solely on passwords or SMS-based two-factor authentication. Both these systems—the firm said—are now vulnerable to increasingly sophisticated
urged the users to adopt passkeys, which are tied to their device and require biometric or PIN verification. It added that passkeys make unauthorised access significantly more
was alarmed when Ethereum developer Nick Johnson received a realistic legal notice from 'no-reply@ ID. The email had a valid DKIM signature and mimicked an official Google
according to the media reports, turned out that attackers had exploited a loophole. They sent genuine emails to themselves and forwarded them to victims to phish
per the reports, users who are subscribed to Google One's premium service can access live human support. This includes call-backs and chat options for account recovery. Human support could significantly speed up regaining access following a
need to respond as soon as possible. Utilize your recovery phone number or email—if not yet modified by the attacker—to begin account recovery within seven
are also associated with your own device and need biometric or PIN authentication. They are not easy to phish or reusable like passwords, so they are significantly more secure.
Yahoo
28-03-2025
- Climate
- Yahoo
'Can happen to anyone' really means 'anyone': abc27 meteorologist's Facebook account hacked
HARRISBURG, Pa. (WHTM) — It all happened during a two-to-three hour period while Meteorologist Dan Tomaso was sleeping — which, given the times he can appear delivering the weather morning, noon and night, can be literally any time of day.
'I'm barely awake, and next thing I know, I'm getting texts from friends and family saying, 'What is this post on Facebook? Is everything okay?' Tomaso said.
It was a post on a personal account he uses sporadically to keep in touch with close friends and family.
'My dad's going into a long-term care facility,' Tomaso said, characterizing the fake post. 'We're gonna start offloading some of his things — including cars, dune buggies.'
Tomaso is 'not a dune buggy guy,' he said, and thankfully, both of his parents are fine. But the post was so realistic that a friend sent $500 via Venmo to a scam artist, who had hacked Tomaso's account and changed the credentials so Tomaso himself could no longer get in. Other friends he hadn't heard from in years contacted Tomaso to ask if items
Tomaso said he tried to contact Facebook support, as any other user would do, but with little success. He managed to chat with a support agent through a different paid 'Meta Verified' account; that ultimately led to help regaining control of his account after about a week, he said.
Tomaso concedes he unknowingly made one mistake: The personal account was so old (from back when he was in high school) that multi-factor authentication (i.e., security requiring something other than just a password) didn't exist when he created it, and he never thought to enable it later, even though he says he's security conscious and has safeguards on his other accounts.
Jonathan S. Weissman, a principal lecturer in cybersecurity at Rochester Institute of Technology, recommends what's known as an authenticator app 'like Google Authenticator or Microsoft Authenticator. If you do it with an authenticator app, the cyber criminals, in addition to your password, would physically need your phone,' Weissman said. 'The time is always now to implement multi-factor authentication on any account you have.'
Or as Tomaso put it: 'Just do it.'
Tomaso's other piece of advice is to be wary of uncharacteristic social media posts such as the one the hackers posted on his page.
But Tomaso wonders: If the behavior (someone quickly changing his password and then posting something unlike anything he had ever posted on his page) is so obviously fraudulent to him, why didn't all the modern artificial intelligence available to a company like Facebook catch it?
Why, for that matter, didn't Google's Gmail filters flag as spam or phishing these three messages — with obvious red flags (from the unusual subject lines, to the personal email addresses for ostensible business mail, to the misspellings like 'State Farmm') sent to this reporter over the course of less than a day?
Spokespeople for Google and Meta, Facebook's parent company, didn't respond to requests for comment.
But Weissman described cybersecurity as a 'cat-and-mouse' game between companies, whose systems really do have the best security they've ever had, and hackers, who work tirelessly to catch up.
'Cybercriminals are constantly changing their phishing methods — changing words, changing spelling,' Weissman said. In the case of what happened to Tomaso, 'there are many variations and permutations and combinations for Facebook to look for.'
Or Google, he said, has to strike a balance between flagging dangerous messages and not incorrectly blocking legitimate ones, which could be just as disruptive to a user who misses an important message.
Weissman said it's like a seesaw where 'on one side, you have security, and on the other side, you have convenience. When one side goes up, the other side goes down.'