« View all posts

Two factor authentication you can trust

Posted by James Donaldson on March 03, 2020

Two factor authentication, or 2FA, is an important part of modern security practice. However, it was recently pointed out by Aaron Turner and Georgia Weidman that 2FA is only as secure as the device which runs the authenticator. This is an important reminder that security requires a multi-spectrum approach, and that applications are only as secure as the device they are installed on.

Security for Android devices must begin with the hardware. Not all Android devices are created equally, and the Pixel and Android One classes of mobile stand head and shoulders above the rest. Inclusion of Hardware Security Modules on the Pixels place them at the top of the secure Android class of hardware. Maintenance, updating and full firmware patches are crucial for staying ahead of attackers.

Weidman mentions "iOS is still good, but Android's [security-enhanced] SELinux is the bane of my existence as someone who's building exploits." CopperheadOS's additional tightening of SElinux policies, kernel hardening and superior memory allocation is precisely why our customers trust Copperhead devices to fully protect their important information.

Credits to Aaron Turner from Highside and Georgia Weidman from Shevirah