Latest news with #2FA
AsiaOne
17-07-2025
- AsiaOne
15 people under investigation for sharing Singpass credentials and facilitating scams, Singapore News
Fifteen persons are under investigation for allegedly sharing their Singpass credentials and facilitating scams that led to losses of over $890,000. The island-wide anti-scam enforcement operation was conducted between July 8 and 11, said the Singapore Police Force (SPF) on Thursday (July 17). Led by SPF and the Singpass Anti-Fraud Team, the joint operation resulted in six of the 15 individuals — five men and one woman — being arrested. The six individuals, aged between 19 and 56, were arrested for offences under Section 8A of the Computer Misuse Act 1993. According to the police, they relinquished their Singpass credentials which were allegedly used to open bank accounts that were subsequently implicated in a range of scams. Based on preliminary investigations, the scams had been facilitated in various ways. Some individuals allegedly sold their Singpass credentials, which were then used to open new bank accounts and register for new mobile phone lines. Others allegedly gave unknown parties access to their Singpass accounts without verifying their identities. Some also fell prey to fraudulent job offers or bogus investment schemes. In such cases, scam operators convinced these individuals that Singpass access was necessary to set up employment profiles, verify their identities for job applications, or create investment accounts. Investigations are ongoing. If convicted, they will face a jail term of up to three years, a fine or both. The police have reminded members of the public to protect their Singpass passwords or 2FA details from unknown people as they could be misused for illegal activities, and that they will be held accountable if found to be linked to such crimes. Members of the public may report scams via the police hotline at 1800-255-0000 or submit information online at [[nid:720166]]
Straits Times
17-07-2025
- Straits Times
15 under police probe for sharing Singpass credentials used in scams
Find out what's new on ST website and app. Members of the public should never disclose their Singpass passwords or 2FA details to unknown persons, the police said. SINGAPORE - Fifteen people here are being investigated for sharing their Singpass credentials, which were later used in scams where victims lost over $890,000 in total. Police also arrested five men and one woman, aged between 19 and 56 , among the 15 under probe. In a statement on July 17 , police said that the scams were carried out in several ways. First, some people allegedly sold their Singpass credentials which were later misused to open new bank accounts and register for new mobile phone lines. Others had given unknown parties access to their Singpass accounts without verifying their identities. In another example, some people shared their Singpass credentials after being deceived by scammers offering employment or investment schemes. They were convinced that they needed Singpass access to set up employment profiles, verify their identities for job applications, or create investment accounts. Top stories Swipe. Select. Stay informed. Singapore Fatal abuse of Myanmar maid in Bishan: Traffic Police officer sentenced to 10 years' jail Singapore HSA launches anti-vaping checks near 5 institutes of higher learning Singapore Kpod vapes, zombie kids: Why it's time to raise the alarm Life 11 new entries on Singapore's Bib Gourmand list, including three re-entries at Old Airport Road Singapore NEA monitoring E. coli at Sentosa beaches after elevated bacteria levels delay World Aquatics events Life First look at the new Singapore Oceanarium at Resorts World Sentosa Opinion The workplace needs to step up on mental health to match Singapore's efforts at the national level Singapore Singapore Zoo celebrates reptile baby boom, including hatchings of endangered species The 15 people, aged between 18 and 68 , were found following an island-wide anti-scam enforcement operation conducted between July 8 and 11 . The operation involved officers from the Commercial Affairs Department, seven police land divisions, and the Singpass Anti-fraud team. If found guilty of disclosing their Singpass credentials to facilitate an offence, they face a jail term of up to three years, a fine, or both. Members of the public should never disclose their Singpass passwords or 2FA details to unknown persons, the police said. These credentials can be misused to access various digital services, including the opening of bank accounts, e-wallets, crypto accounts, and mobile phone lines for illegal activities. To report scam-related information, the public can call the police hotline on 1800-255-0000 , or submit details online at with the assurance of confidentiality.
Android Authority
13-07-2025
- Android Authority
This is the best cross-platform 2FA app I've used — and you should try it too
Karandeep Singh / Android Authority When a sizeable chunk of online attacks involves weak passwords and unauthorized account access, second-factor authentication (2FA) is one of those magic bullets that can save your digital life from getting compromised. But they're only usable if they don't become an inconvenience themselves. Inconvenient — that's exactly what a lot of 2FA apps have been for me. Some wanted to lock me down to their app, some had themselves been compromised, while others weren't available on all the platforms I use. So, I was just jumping from one app to another whenever one started to trouble me enough. My hunt has finally come to a rest, thanks to this 2FA app, Ente Auth, which I think is (almost) perfect. One that my inner tech support guy is going to recommend to my family without thinking twice. And I figured I'd bring it up with you guys too — not to sound cheesy, but you're family too. Which authenticator app do you use for 2FA? 0 votes Google Authenticator NaN % Authy NaN % Your password manager NaN % Something else (comment below) NaN % Google Authenticator to Aegis to Ente Auth Joe Hindy / Android Authority I've never been a fan of the one-time password (TOTP) feature being built into password managers (like 1Password or Apple Passwords). That defeats the very purpose of 'second' factor authentication by putting everything in the same app for the sake of convenience. While the password managers I've used — Enpass and Bitwarden — do have the option to link TOTPs to each of my saved credentials, I consciously decided to use a separate 2FA app. Like every single person who's felt the need for extra digital protection, I started off with Google Authenticator. As with several things Google, Authenticator is basic but still a solid place to start. It's better than not using two-factor authentication at all. However, back in the day, it worked offline, so moving between devices became particularly difficult, especially for someone like me who needs to do that often. And it felt deprived of features compared to what the competition offered. I went on a spree to de-Google my everyday apps a few years ago, and that's when I found Aegis — a solid, open-source alternative to Google Authenticator. It had a clean interface and gave me the peace of mind of being completely local. But it still felt cumbersome when it came to cross-platform use. I had to manually move backups, and when I tried to switch to the iPhone 16 Pro Max last year, I learned that Aegis doesn't offer an iOS app. Joe Hindy / Android Authority It was time to find another app. My search ended with Ente Auth — the 2FA app from the same folks behind Ente Photos, a privacy-first Google Photos alternative without the big tech tracking that my colleague Rob loved. When I came across it, I immediately started looking for a catch, because how can an app be such an all-rounder and still fly under the radar? And I instantly regretted not discovering it earlier. Ente is the best of both worlds It's only now that I realize how actively involved I was in making Aegis work, especially with the lack of a proper sync feature. Meanwhile, Authy was out of the question due to its data breach last year, and Google Authenticator is, well, still Google Authenticator. Ente Auth truly offered me the best of both worlds. It was super easy to import my codes from Aegis — I was actually worried about needing to manually set up 2FA on all my hundred accounts if the transfer didn't work as expected. But thankfully, the process couldn't have been smoother. I got started within minutes! But more importantly, Ente Auth is a breeze to use. I don't have to worry about taking a backup every few weeks and manually uploading the latest to the cloud just so that everything stays up to date. The app takes care of it with real-time sync — something that works as smoothly as Google Drive syncing your files everywhere. And if you're wondering, these backups are entirely end-to-end encrypted. More importantly, Ente Auth is open source, with independent audits proving its security — a critical brownie point for an app handling such critical data. Ente backups are entirely end-to-end encrypted. Furthermore, Ente Auth is open source with independent audits proving its security. What I still haven't gotten used to is that I can access my codes anywhere. With 2FA apps, I'm conditioned to picking up my phone to copy the code or manually type it on my desktop. But every time I'm on my Mac and need to open Ente, I'm reminded that I can use the desktop app too. It's that much easier when you need to punch in those ephemeral codes 10 times a day. The anti-Ente argument Karandeep Singh / Android Authority Ente Auth is overall a well-regarded app, and I can vouch for that general sentiment with my own experience. However, it still frustrates me at times. For instance, despite using it for close to a year now, I have no clue what the quick gesture to directly copy the TOTP is. Is it a single tap, a double tap like Aegis, or a long press? I know all of these do something, but I don't know what does what. So, on most days, I end up trying all three and hoping it's picked up the code. While that's on me (only partially, okay?), I feel Ente needs to up its own security — especially since it relies on an email-password combo to sync your data. A solid way to do that would be letting users secure their account with a physical YubiKey for an ironclad vault. But maybe that's something for another day. It's still worth your attention Megan Ellis / Android Authority If you want to start using two-factor authentication (yay, welcome to the safer side of the internet!) or are looking for an alternative to your current setup, Ente Auth would be my top recommendation. It doesn't have any more of a learning curve than Google Authenticator and syncs your codes in perhaps the most secure way known to the internet, at least on the consumer side. For a solid strategy to keep your accounts safe from prying eyes, just use a reliable password manager to generate strong and lengthy passwords, pair it with Ente Auth (or whatever 2FA strikes your fancy), and you'll be good to go. That's pretty much all most of us need — because digital safety shouldn't feel like a chore.
Fox News
10-07-2025
- Fox News
Top multi-factor authentication apps to protect your accounts
Hackers often exploit reused passwords, gaining access to multiple accounts if just one is compromised. To stay safe, use strong, unique passwords for every account and change them regularly. However, passwords alone aren't enough. That's where multi-factor authentication apps come in. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my Multi-factor authentication (MFA) adds an extra layer of protection to your accounts. Instead of relying only on a password, MFA requires you to verify your identity using two or more methods. These can include SMS codes, authenticator apps, or physical security keys. Two-factor authentication (2FA) is a type of MFA that uses exactly two verification methods. MFA, on the other hand, can involve two or more factors. For example, logging into your bank might require a password and a code from an app-this is MFA in action. Not all websites and apps support every type of MFA, so your choice may depend on what's available. Here's how the main options compare: Many banks use SMS for two-factor authentication because it's easy to set up and works on any phone. However, SMS is not the most secure method. Authenticator apps and physical security keys offer better protection against modern threats. Unfortunately, there's no universal MFA solution for every account. The best approach is to use the strongest MFA method each service supports. Whenever possible, choose an authenticator app or a physical security key over SMS. Using a multi-factor authentication app is one of the best ways to protect your online identity. Here are some of the top-rated options available for iPhone and Android: The Microsoft Authenticator app gives you an easy, secure sign-in experience for all your accounts and gives you additional account management options for your Microsoft personal, work, and school accounts. It can use multi-factor authentication with a one-time passcode, can go password-less by using your phone instead of a password to log in, or can use autofill passwords for you. It's easy to use and can keep multiple accounts safe and secure for you. Twilio Authy is another great app that you can use for all your accounts, including Facebook, Dropbox, Amazon, Gmail, and thousands more. It provides secure cloud-encrypted backups so that you will never lose access to your accounts, even if you lose your device. The app uses the same algorithms as many banks and the NSA use to protect their information, so you can pretty much guarantee that you'll be safe. Plus, you can even use it if you're offline or in airplane mode. The Google Authenticator app will give you an extra layer of security for your online apps. You can sync your authenticator codes to your Google Account and across your devices. It offers support for multiple accounts, and you can transfer accounts between devices by using a QR code. Plus, you can choose the type of code generation used that best suits your needs, and it works without a network or cellular connection. The Aegis Authenticator app is a free option for Android users. It is a great app to protect your online accounts from hackers and phishing. It adds an extra layer of security by generating one-time codes that you need to enter alone with your password. This way, even if a hacker steals your password, they won't be able to access your account with your phone. The Aegis Authenticator app also lets you customize and organize your accounts, backup and restore your data, and use it offline. While multi-factor authentication adds critical protection, it works best when combined with strong, unique passwords for every account. That's where a password manager comes in. Instead of trying to memorize dozens of complex passwords, a password manager securely stores them for you and automatically fills them in when needed. It can generate strong, random passwords, store them in an encrypted vault, and sync across your devices so you always have access. Using NordPass along with multi-factor authentication is one of the best strategies to keep your accounts and personal data safe from hackers. Get more details about my best expert-reviewed Password Managers of 2025 at Keeping your accounts safe doesn't have to be complicated. By using multi-factor authentication apps, you're adding a strong layer of protection that goes beyond just passwords. These apps make it much harder for hackers to get in, even if they somehow learn your password. Ready to take your security up a notch? Have you tried using an authenticator app? What has your experience been like? Let us know by writing us at Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my Copyright 2025 All rights reserved.
Forbes
05-07-2025
- Business
- Forbes
Stop Using These Passwords Following FBI 2FA Bypass Warning
Following FBI warnings of 2FA bypass, password alerts have now emerged. FBI warnings concerning the Scattered Spider collective, behind ransomware attacks on the retail, insurance, and most recently, aviation sectors, have now become an alarming reality. Qantas has confirmed a significant cyber incident, involving a third-party supplier, has potentially impacted the data of some six million customers. 2FA bypass is common currency for Scattered Spider and other threat actors, and the FBI report has confirmed this. But maybe now it's time to also look at how poorly every sector, including consumers, manages passwords. TL;DR, dear reader, the answer is very poorly indeed. Here are the passwords that nobody should be using. FBI And CISA Password Advice Is Being Ignored Let's get one thing straight here: password management is not a difficult thing. It would seem, however, that getting the basics of password creation and use is. That's the only reason I can come up with as to why so many people, corporate, within industry sectors and consumers, are failing to do it properly. Well, there's another reason, but I'm too polite to mention it here; I'm sure you can guess what it is. The point is that, as evidenced by an updated study by NordPass, weak and downright dangerous passwords are still being used long past their expiration date. Although Scattered Spider focuses attention on bypassing 2FA protections using social engineering means to persuade IT help desks to 'add unauthorized MFA devices to compromised accounts,' it is not the only weapon in its arsenal. All ransomware groups will look to the weakest link, the easiest protection to break, when it comes to initial access. And that, as you likely will have guessed, means login credentials. The NordPass study revealed what many in the cybersecurity field already knew: weak passwords, reused passwords, and passwords that are, frankly, totally unfit for consumption, are common across most all industry sectors. Considering the Scattered Spider attacks on aviation, let's focus on the transportation sector as an example. 'The transportation and logistics industry is a critical part of global infrastructure,' Karolis Arbaciauskas, head of business product at NordPass, said, 'but the cybersecurity basics are being ignored.' Those basics can be found in this Cybersecurity and Infrastructure Security Agency advisory, compiled with the assistance of the FBI, covering the tactics, techniques and procedures used by the Scattered Spider threat group. You Should Never Use These Passwords. Period. You only have to look at the most common list for this sector, included on the report page previously linked to, and you will see what Arbaciauskas is referring to. It is peppered with such password atrocities as 123456, Dell, 12345678, password, 111111, 1234, 123456789 and qwerty. I could go, but I won't: go and see for yourself. Or you might want to take a look at this list of dangerous passwords I have compiled from NordPass and other research. 'Weak credentials put customer data, delivery routes, and operational continuity at risk,' Arbaciauskas said, adding that 'Fixing password practices is a fast, effective way to avoid delays caused by data breaches or operational downtime.' The FBI has warned you, CISA has advised you, cybersecurity professionals have shown you the dangers, so when are you going to stop using those easily hacked passwords and start taking credential security seriously? Better yet, when are you going to change to passkeys, which are way more secure?
