New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.

Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...
Tech Times

How to Set Up Two-Factor Authentication on Google, Apple & Major Platforms Securely

Step-by-step guide to setting up two-factor authentication on Google, Apple, Microsoft, and social platforms for stronger account security.
IEEE

Bring Your Device Group (BYDG): Efficient and Privacy-Preserving User-Device Authentication Protocol in Multi-Access Edge Computing

Abstract: Authentication is an important security issue for multi-access edge computing (MEC). To restrict user access from untrusted devices, Bring Your Own Device (BYOD) policy has been proposed to ...
IEEE

Radio-Frequency Fingerprint-Tag-Based Device Authentication for Massive Random Access

Abstract: IoT devices possess a radio-frequency fingerprint (RFF) due to inherent variations in manufacturing, making it device-specific and difficult to alter. This unique RFF, derived from RF ...
GitHub

A Universal Open Standard for Passwordless, Zero-Knowledge Internet & Device Authentication

The Sovereign Access Constant (C_sa) is an open standard that eliminates stored secrets (passwords, tokens, recovery keys) by replacing them with ephemeral keys that precipitate only during real-time ...
GitHub

RescueAuthKit is a small, opinionated 2FA vault focused on one thing: reliable import/export so you can move your TOTP secrets and recovery codes between devices without ...

Your data lives in one encrypted vault file. Backup and restore are first-class features, not an afterthought. The goal is "phone <-> desktop" recovery that you can actually trust.