Instagram Adds 3 New Security Tools to Make its Platform More Secure

Instagram is growing quickly—and with the second most popular social media network in the world (behind just Facebook), the photo-sharing network absolutely dominates when it comes to user interactions.

And with great success comes great responsibility—responsibility to keep users' accounts safe, responsibility to fight fake accounts and news, and responsibility of being transparent.

You might know that the Facebook-owned photo-sharing network has recently been a victim of a widespread hacking campaign that has affected thousands of Instagram users, leaving them locked out of their accounts.

In the wake of the security mishappening, Instagram has announced a trio of security updates intended to discourage trolls, stop misinformation, and make the platform a little safer for its one billion users.

In an official blog post, titled "New Tools to Keep Instagram Safe," published by Instagram Co-Founder & CTO Mike Krieger on August 28, the company announced three features—support for Third-Party Two Factor Authenticator Apps, About This Account, and Request Verification.

Support for Third-Party Two-Factor Authentication Apps

To increase safety and secure logins to the app, Instagram adds support for third-party two-factor authentication (2FA) apps like Duo Mobile and Google Authenticator instead of traditional text-based 2FA.

Until now, Instagram relies on text-based two-factor authentication which is believed to be less secure because it is possible for attackers to hijack your phone number and therefore, SMSes, eventually allowing them to gain access to your accounts secured using text-based 2FA.

Users are strongly recommended to enable two-factor authentication on their apps to protect their account from hackers since the feature adds an extra step of entering a random passcode sent to an approved device when you log in to your account.

To enable this feature, head on to "Settings," scroll down to select "Two-Factor Authentication," and then select "Authentication App" as your preferred form of authentication.

"If you already have an authentication app installed, we will automatically find the app and send a login code to it. Go to the app, retrieve the code and enter it on Instagram, and two-factor authentication will turn on automatically," the company says.
"If you don't have one installed yet, we will send you to the App Store or Google Play Store to download the authenticator app of your choice. Once you've installed it, return to Instagram to continue setting up your two-factor authentication."

Support for different third-party authenticator apps has started to roll out and will be widely available in the "coming weeks."

Instagram "About This Account" Feature

This feature will allow Instagram users to see details for users with large followers, including when they joined the platform, where they are located, the ads they are running, any username changes in the last year, and their social connections, in order to determine the authenticity of a given account.

"Our community has told us that it's important to them to have a deeper understanding of accounts that reach many people on Instagram, particularly when those accounts are sharing information related to current events, political or social causes," Instagram writes.

The "About This Account" is available through the menu button, and starting from September, the feature will only be available to users with larger followers, while Instagram will release it globally later on.

Apply to Get Your Instagram Account Verified


Besides "About This Account," Instagram has also rolled out a feature that allows users to request the blue verified badge in its efforts towards transparency for large public accounts, helping users to know they interacting with a notable public figure, celebrity, global brand or entity.

To get verified, your Instagram account must comply with its Terms of Service and Community Guidelines. If your account meets the criteria, you can apply for verification directly through the app.

However, "Submitting a request for verification does not guarantee that your account will be verified," Instagram writes.

To apply for verification, head on to "Settings," select "Request Verification" under the Account section, then type your full name, attach a copy of a legal business identification or a government-issued photo ID that shows your full name and date of birth, and hit "Send."

The request will then be reviewed by Instagram to confirm the authenticity, uniqueness, completeness, and notability of the account, after which you will receive a notification confirming or declining the request.

For more information about the process and eligibility for account verification, you can visit the Instagram Help Center.


Source: TheHackerNews

Google 'Titan Security Key' Is Now On Sale For $50

Google just made its Titan Security Key available on its store for $50.

First announced last month at Google Cloud Next '18 convention, Titan Security Key is a tiny USB device—similar to Yubico's YubiKey—that offers hardware-based two-factor authentication (2FA) for online accounts with the highest level of protection against phishing attacks.

Google's Titan Security Key is now widely available in the United States, with a full kit available for $50, which includes:

  1. USB security key,
  2. Bluetooth security key,
  3. USB-C to USB-A adapter,
  4. USB-C to USB-A connecting cable.

What Is Google Titan Security Key?

Titan Security Keys is based on the FIDO (Fast IDentity Online) Alliance, U2F (universal 2nd factor) protocol and includes a secure element and a firmware developed by Google that verifies the integrity of security keys at the hardware level.

It adds an extra layer of authentication to an account on top of your password, and users can quickly log into their accounts securely just by inserting the USB security key and pressing a button.

Titan Security Key is compatible with browsers including Google's Chrome and a number of popular online services like Gmail, Facebook, Twitter, and Dropbox.

"Titan Security Keys are also compatible with the Advanced Protection Program, Google's strongest security for users at high risk," Google Said.

"And Google Cloud admins can enable security key enforcement in G Suite, Cloud Identity, and Google Cloud Platform to ensure that users use security keys for their accounts."

How Does Titan Security Key Secure Online Accounts?

According to Google, the FIDO-compatible hardware-based security keys are thought to be more safe and efficient at preventing phishing, man-in-the-middle (MITM) and other types of account-takeover attacks than other 2FA methods requiring SMS, for example.

This is because even if an attacker manages to compromise your online account credentials, log into your account is impossible without the physical key.

Last month, Google said it started requiring its 85,000 employees to use Titan Security Keys internally for months last year, and the company said since then none of them had fallen victim to any phishing attack.

Google had already made the Titan Security Key available to its Cloud Security customers since July when the company first publicly announced the project.

How to Use Google Titan Security Keys?

To enable Titan Security Keys in your Google account, you need to first buy it from the Google Store.

  • Sign in to your Google account and navigate to the 2-Step Verification page.
  • Select "Add Security Key" and click Next.
  • Now, insert your Titan Security Key and tap the gold disc.
  • You'll be asked if Google can see the make and model of your security key. You can select Allow or Block. Allowing the company would make it able to help you in the future if it finds any issue with the type of key you use.
  • Follow the instructions displayed on the screen to finish adding the Titan Security Key to your account.
  • To help you sign in if your key is lost, add recovery info and backups.

Once you are done, next time when you sign in to your Google Account, your computer will detect that your account has a security key. Just connect your key to the USB port in your computer, and tap it, and you are good to go.

It should be noted that you will be asked for your security key or another second step any time you sign in from a new computer or device.

For any queries regarding the sign-up process, you can head on to the company's support page.

For now, Titan Security Key is only available to U.S. users, though the company says it will make the keys available in additional regions soon.


Source: TheHackerNews

Google Secretly Tracks What You Buy Offline Using Mastercard Data

Over a week after Google admitted the company tracks users' location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline.

Google has paid Mastercard millions of dollars in exchange to access this information.

Neither Google nor Mastercard has publicly announced the business partnership over allowing Google to measure retail spending, though the deal has now been disclosed by Bloomberg.

According to four unidentified people with knowledge of the deal cited by the news outlet, Google and Mastercard reached the agreement after a four-year negotiation, wherein all Mastercard transaction data in the U.S. has been encrypted and transmitted to Google.

Google packaged the data into a new tool for advertisers, called Store Sales Measurement, and currently being tested the tool with a small group of advertisers, allowing them to track whether online advertisements turned into real-world retail sales.

Last year when Google announced its Store Sales Measurement service, it only said the company had access to approximately 70% of U.S. credit and debit cards through partners but did not reveal their names.

This suggests that not just Mastercard, Google has deals with other credit card companies as well, which total of 70% of the people who use credit and debit cards in the United States.

However, it seems that users can reportedly opt out of offline ad tracking by merely turning off "Web and App Activity" in their Google account.

Mastercard denied that the company provided personal information to any third parties. Here's what a Mastercard spokesperson said in a statement:

"Regarding the [Bloomberg] article you cited, I’d quickly note that the premise of what was reported is false. The way our network operates, we do not know the individual items that consumer purchases in any shopping cart—physical or digital.

No individual transaction or personal data is provided. That delivers on the expectation of privacy from both consumers and merchants around the world. In processing a transaction, we see the retailer’s name and the total amount of the consumer’s purchase, but not specific items."

Google also said it did "not have access to any personal information" from its partners’ credit and debit cards, nor do it "share any personal information" with its partners.

Without any doubt, the deal has been a boon to Google, as advertisers see much bigger returns and ready to pay more money to Google.


Source: TheHackerNews

Intel Tiger Lake CPUs to come with Anti-Malware Protection

Intel’s Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks. I...