Alert
TOP 10 COMPANIES WORKING ON METAVERSE
Ever since Facebook changed its name to Meta, the world has gone crazy over the metaverse drive. Web 3.0, cryptocurrencies and NFTs have already taken over a lot of space in our real lives. Though all these are technologies of the “virtual world” but are now dominating our real life choices.
You might be curious to know about the tech companies that are diving into the “metaverse”, but first, let’s understand the meaning of metaverse.
What is Metaverse?
Metaverse is a virtual world where you can connect with people via your digital avatars. That means this technology creates a virtual world that is similar to the real one. In metaverse created “virtual worlds” people can connect with each other via digital avatars.
A digital avatar is a close replica of a real human being. People can create their digital avatars in virtual reality. This technology will enable you to sit with your colleagues and chat over coffee, attend virtual concerts to dance your way around worries and will enable you to stay in a virtual world that feels real.
Metaverse Technology is closely related to virtual reality gaming. Just like Minecraft, metaverse enables people to build virtual worlds from scratch. We can build our very own customized coffee shops, homes, can even purchase virtual lands and fly away to a magical world in the metaverse.
Now let’s talk about the top 10 companies on Metaverse
1. Meta (Facebook)
Facebook is a platform where people can interact with each other, build communities and socialize while sitting at homes. The social networking platform has broken down the barriers of countries and has enabled the world to interact with people who live in far off countries.
Facebook has already changed its name to Meta, and is now experimenting with the metaverse technology. Meta’s ambitions are to transform the routine living from building 3D workrooms, virtual offices to building augmented reality headsets.
It has some big plans for its metaverse ambitions, it is working on Horizon workrooms where people will get a chance to meet in the virtual workrooms. It is also making VR headsets and is experimenting with extended realities.
2. Roblox
Roblox is an American Gaming company that was founded in 2004. Roblox the American Gaming platform and game creation company is focusing on building metaverse worlds.
Roblox’s vision for the metaverse is to create a platform for immersive co-experiences, where people can come together within millions of 3D experiences to learn, work, play, create, and socialize. Fostering a rich community built on shared experiences is central to this vision and a driving force for Roblox’s path forward.
As the metaverse continues to grow and bring people together in new, unexpected, and exciting ways, Roblox anticipates that communication will have an increasingly integral role.
Roblox’s main aim is to create a social platform where people can socialize. The 3D virtual experiences that Roblox is aiming to offer will be close to a real experience. Roblox has recently released its new feature called “spatial voice chat”. The spatial voice chat will enable people to voice chat (the way people do in real life).
3. Nike
Nike, Inc. is an American multinational corporation that is engaged in the design, development, manufacturing, and worldwide marketing and sales of footwear, apparel, equipment, accessories, and services. The company is headquartered near Beaverton, Oregon, in the Portland metropolitan area.
Nike has also recently created a virtual world called Nikeland which was developed by the Brainiac Commerce e-commerce platform. This platform gives other technologically-based merchants and brands the ability to drive scalable consumer traffic to their products and offers a fully managed solution. One sees the future develop with strong support by vendor/partners.
Nike is set to mimic the real-life experience in the virtual reality world. Players will also get a chance to wear digital Nike digs.
It has also launched exclusive virtual products to enhance the virtual “Nikeland experience”. Several mini-games, and reward based games are launched in the “Nike world”.
4. Epic Games
Epic Games, Inc. is an American video game and software developer and publisher based in Cary, North Carolina. The company was founded by Tim Sweeney as Potomac Computer Systems in 1991, originally located in his parents’ house in Potomac, Maryland.
Epic Games, and more specifically Sweeney, has been talking about the metaverse for some time now, though never quite so explicitly in the form of an announcement that they’ve raised a billion dollars for it.
This Metaverse company has announced a one million dollar investment for the Metaverse development in 2021 to pave the way for game developers to explore a plethora of opportunities in Web 3.0. It has also invested in Spire Animation Studios to port story assets such as worlds and characters into the Metaverse.
5. Decentraland
Decentraland is a 3D virtual world browser-based platform. Users may buy virtual plots of land in the platform as NFTs via the MANA cryptocurrency, which uses the Ethereum blockchain. It was opened to the public in February 2020, and is overseen by the nonprofit Decentraland Foundation.
It is helping users to create as well as monetize different apps and content while purchasing virtual pieces of land in the Metaverse Technology.
6. Tencent:
Tencent Holdings Ltd., also known as Tencent, is a Chinese multinational technology and entertainment conglomerate and holding company headquartered in Shenzhen. It is also the largest company in the video game industry in the world based on its investments.
The multiservice provider is focusing on the metaverse via its game development company TiMi Studio Group. With some top companies under its portfolio Tencent will focus on the metaverse strategy precisely via its game development wing “Tencent Games”.
7. Snapchat
The avatar filter leverages augmented reality that allows avatars to change clothes and faces as per the mood. This company is developing Metaverse through the launch of 3D Bimojis. This update of virtual humans is promoting the speed of the Metaverse technology.
8. Magic Leap:
Magic Leap is an American startup company that provides wearable technologies (like virtual reality) that allow people to interact in digital environments. Founded in 2010, the company is building the future of technology through virtual reality.
9. Unity Software
Unity is a cross-platform game engine developed by Unity Technologies, first announced and released in June 2005 at Apple Inc.’s Worldwide Developers Conference as a Mac OS X-exclusive game engine.
Unity has its eye on the metaverse, anticipating a huge demand for content creators to build assets to populate the 3D internet.
10. Microsoft
Microsoft is a popular company for Meta focused on developing a series of Metaverse applications on the top of the Mesh platform. It is also building a new augmented reality chipset for Metaverse with Qualcomm for providing access to new features. Microsoft is one of the forefront companies developing Metaverse by updating AltspaceVR for making a Metaverse Technology much safer place for users and players.
The UN is testing technology that processes data confidentially
How to analyse data without revealing their secrets
Data are valuable. But not all of them are as valuable as they could be. Reasons of confidentiality mean that many medical, financial, educational and other personal records, from the analysis of which much public good could be derived, are in practice unavailable. A lot of commercial data are similarly sequestered. For example, firms have more granular and timely information on the economy than governments can obtain from surveys. But such intelligence would be useful to rivals. If companies could be certain it would remain secret, they might be more willing to make it available to officialdom.
A range of novel data-processing techniques might make such sharing possible. These so-called privacy-enhancing technologies (pets) are still in the early stages of development. But they are about to get a boost from a project launched by the United Nations’ statistics division. The un pets Lab, which opened for business officially on January 25th, enables national statistics offices, academic researchers and companies to collaborate to carry out projects which will test various pets, permitting technical and administrative hiccups to be identified and overcome.
The first such effort, which actually began last summer, before the pets Lab’s formal inauguration, analysed import and export data from national statistical offices in America, Britain, Canada, Italy and the Netherlands, to look for anomalies. Those could be a result of fraud, of faulty record keeping or of innocuous re-exporting.
For the pilot scheme, the researchers used categories already in the public domain—in this case international trade in things such as wood pulp and clocks. They thus hoped to show that the system would work, before applying it to information where confidentiality matters.
They put several kinds of pets through their paces. In one trial, OpenMined, a charity based in Oxford, tested a technique called secure multiparty computation (smpc). This approach involves the data to be analysed being encrypted by their keeper and staying on the premises. The organisation running the analysis (in this case OpenMined) sends its algorithm to the keeper, who runs it on the encrypted data. That is mathematically complex, but possible. The findings are then sent back to the original inquirer.
That inquirer thus receives its answers, but never has access to the information on which those answers are based. Moreover, for extra security, the results are processed by another pet, called differential privacy. This employs elaborate maths to add a smidgen of statistical noise to a result. That makes the findings less precise, but means they cannot be reverse-engineered to reveal individual records. It also permits the organisation releasing the findings to set a so-called “privacy budget”, which determines the level of granularity disclosed by the data. The result is a belt-and-braces approach. In the argot of the field, smpc provides input privacy, while differential privacy offers output privacy.
In a second trial using the same data sets, the pets Lab arranged for Oblivious Software, a company in Dublin, to test “trusted execution environments”, also called “enclaves”, as a form of input privacy. To set these up data are first encrypted by their keeper and then sent to a special, highly secure server that has been built in a trustworthy way, so that every operation can be tracked and its memory fully cleared after the job is done.
Once safely stored in this server’s hardware, the data are decrypted and the desired analysis performed. For extra security, cryptographic hashes and digital signatures are applied, to prove that only authorised operations have taken place. The output is likewise statistically blurred, using differential privacy, before being sent back to the original inquirer.
In the tests, both approaches did indeed spot anomalies. For example, although American and Canadian records of the value of wood pulp traded between the two countries were basically the same, their data on the value of the clock trade differed by 80%. “Tech-wise, it worked,” gushed Ronald Jansen of the un statistics division, who administers the new lab.
Whether it works bureaucratically remains to be seen. But the putative benefits would be great. The use of pets offers not only a means of bringing together data sets that cannot currently interact because of worries about privacy, but also a way for all sorts of organisations to collaborate securely across borders.
The pets Lab’s next goals are to dive more deeply into trade data and to add more agencies to the roster. This all comes as many governments take a bigger interest in pets. In December America and Britain announced they plan, this spring, to launch a “grand challenge” prize around pet systems. The sharing of data—and their use—may now be getting easier. ■
To enjoy more of our mind-expanding science coverage, sign up to Simply Science, our weekly newsletter.
What’s the Deal With Anti-Cheat Software in Online Games?
Cheat deterrents like kernel drivers are raising legitimate privacy concerns. But it’s not all bad news.
IN THE PAST decade, big competitive online games, especially first-person shooters like Activision-Blizzard’s Call of Duty and Bungie’s Destiny 2, have had to massively scale up their operations to combat the booming business of cheat sellers. But an increasingly vocal subset of gamers is concerned that the software meant to detect and ban cheaters has become overly broad and invasive, posing a considerable threat to their privacy and system integrity.
At issue are kernel-level drivers, a relatively new escalation against cheat makers. The kernel itself—sometimes called “ring 0”—is a sequestered portion of a computer, where the core functionality of the machine runs. Software in this region includes the operating system, the drivers that talk to hardware—like keyboards, mice, and the video card—as well as software that requires high-level permissions, like antivirus suites. While faulty code executed in user mode—“ring 3,” where web browsers, word processors, and the rest of the software we use lives—results in that specific software crashing, an error in the kernel brings down the whole system, usually in the ubiquitous Blue Screen of Death. And because of that sequestration, user-mode software has very limited visibility into what’s happening in the kernel.
It’s not surprising, then, that some people have reservations. But the reality is that security engineers, especially those working to establish fairness in the hyper-competitive FPS genre, haven’t been given a lot of choice. Anti-cheat systems are heading to the kernel in part because that’s where the cheaters are.
“Back in the 2008 era, effectively no one was using kernel drivers, like maybe 5 percent of sophisticated cheat developers,” says Paul Chamberlain, a security engineer who has worked on anti-cheat systems for games like Valorant, Fortnite, and League of Legends. Chamberlain recalls seeing his first kernel-based game exploit—the infamous World of Warcraft Glider—at the Defcon security conference in 2007. “But by 2015 or so, pretty much all the sophisticated, organized cheat-selling organizations were using kernel drivers.” With the tools available, there wasn’t much anti-cheat software could do against aimbots and wallhacks that lived in the kernel. Around this same time, at a Steam developer conference, Aarni Rautava, an engineer with Easy Anti-Cheat—which would eventually be purchased by Epic Games—claimed the overall marketplace for cheats had grown to somewhere north of $100 million.
Still, games studies were, and often remain, cautious about implementing their own driver solutions. Working in the kernel is difficult—it’s more specialized and requires loads of quality assurance testing because the potential impact of bad code is so much more drastic—which leads to increased expense. “Even at Riot, nobody wanted us to make a driver. Internally, they were like, ‘Look, this is too risky,’” says Clint Sereday, another security engineer who worked on Vanguard, Valorant’s kernel-level anti-cheat system. “At the end of the day, they don’t want to have to put out a driver to protect their game if they don’t need to.” But in the hyper-competitive FPS space, especially a tactical shooter where a single headshot can mean instant death, cheats have an outsized impact that can quickly erode players’ trust. In the end, Riot seemingly calculated that any backlash a kernel solution produced (and there was plenty) was still preferable to being hamstrung from fighting cheaters on even ground.
But to many gamers, who pushed into the kernel first isn’t important. They worry that an anti-cheat kernel driver could secretly spy on them or create exploitable vulnerabilities in their PCs. As one Redditor put it: “I’ll live with cheaters. My privacy is more important than a freaking game.”
A kernel driver could certainly introduce some sort of vulnerability. But the chances that a hacker would target it are slim, at least for the vast majority of people. “You’re talking easily hundreds of thousands of dollars, perhaps millions, for an exploit like that if it’s going to be remotely executable,” says Adriel Desautels, founder of penetration testing company Netragard. “What attackers would rather spend their time and money on are things where they can hit one thing and get a lot of loot,” like other criminal hacks or malware attacks where huge troves of valuable data were stolen or held for ransom.
In most cases, hackers can get what they want without anywhere near that level of sophistication. As part of its penetration testing, Netragard simulates the work of ransomware groups, and “even when we’re delivering the most advanced level of that service, we don’t need to use attacks that go down that low. There’s never been a need or even an inkling of a need at that level,” Desautels says. The credit card information of the average Arma 3 player would absolutely never be worth the effort of a nation-state-level infiltration job. While kernel-level drivers do introduce potential risks, Desautels says, “if any of those things were to be realized in an effective and damaging manner, it would be really an extraordinary situation.”
And if that situation were ever to have occurred, it likely already would have in 2016, when Capcom pushed out a kernel driver for the PC version of Street Fighter V. “It had a vulnerability that let anyone load kernel code arbitrarily. So you could take the Capcom driver and then sideload your own code,” says Nemanja Mulasmajic, who did security for Valorant and Overwatch, which allowed users to bypass “all the signature checks and all the security features the Windows had built up.” An embarrassed Capcom reverted the code shortly thereafter. It might seem like this is even more evidence that kernel-level anti-cheats are huge vulnerabilities, and on one level they are, but most kernel drivers have similar vulnerabilities, and exploiting them requires technical skill and physical access to the computer with the driver installed.
A kernel driver leading to an external attack might be staggeringly unlikely, but many gamers worry that this software is designed, at least in part, to provide game companies themselves with unprecedented levels of access and information about users’ machines. Chamberlain contends there’s “no incentive” for anti-cheats to go on a “fishing expedition” for users’ personal information.
With tech companies accused of harvesting tranches of user data, anyone could be forgiven for harboring suspicions. For Desautels, once again, the issue is quickly contextualized by pure financial and reputational motives. “If [hackers] found that gaming companies were effectively carrying out acts of micro-espionage or stealing people’s information or whatever, they would write that up fast, that’d be great for their credibility,” he says. “That would be a treasure for them.” And to that end, some anti-cheats do offer significant bug bounties to the sort of gray hats who might be inclined to take this software apart.
The relative risk of programming in the kernel also tends to be an advantage for the privacy-minded. “Scans that look for cheats or scans that analyze game behavior, or anything that sends information back to the game developers’ servers, that will usually not be running in the kernel and not be active unless the game is active,” Chamberlain says. “The reason is that kernel programming is actually kind of difficult to do. And so you want to do as little of it as possible.” The driver primarily uses its god-like permissions to silo the game, preventing other processes from dropping in and tampering with the game state—less an all-seeing eye than a highly intimidating bouncer.
It’s worth recalling that non-kernel anti-cheats have been accused of these sorts of overreaches in the past. In 2005, Blizzard’s Warden was accused of harvesting raw user data; in 2014, Valve Anti-Cheat was called out for supposedly snooping on players’ web histories. Neither of these claims ended up holding water. More modern anti-cheat software, both kernel-level and otherwise, might look at a list of software installed on a machine, or what DLL files are being injected into the game, according to Chamberlain—things he believes the majority of users would not consider sensitive (although whether you want Riot or Activision Blizzard to know what you have installed on your PC is up to you). “Anti-cheat developers are trying to make these calls as to what is reasonable for them to look at. And they’re usually very conservative about what they check,” he says. But ultimately, as any developer will tell you, all software is a matter of trust. If you feel uncomfortable with a kind of program or a specific company, your best bet is to simply not install it, even if that means sitting out the latest big game.
Of course anti-cheat software isn’t without problems. In the past, it’s been known to cause issues loading other drivers, and in some cases it has even blocked drivers that tools like fan controllers and temperature monitors used to function. Like any anti-cheat, it sometimes registers false positives, suspending players who were playing fair. But typically these issues get resolved relatively quickly.
While game developers have been trying hard to build user trust in kernel drivers, earlier this year Microsoft seemingly lobbed a grenade into the discussion with a blog post for the forthcoming Halo Infinite. “Our anti-cheat philosophy is to make cheating more difficult in ways that don’t involve kernel drivers or background services … When people do cheat, we’re focused on catching them through their behavior and not from data that we’ve harvested from their machines,” security engineer Michael VanKuipers wrote. “It almost felt like a comment straight to us [the Vanguard team],” Chamberlain says of his former colleague. “Like, ‘Hey, we were building a kernel driver together, and then you went to Microsoft and now you’re like, definitely not building one.’”
As any developer will tell you, all software is a matter of trust. If you feel uncomfortable with a kind of program or a specific company, your best bet is to simply not install it, even if that means sitting out the latest big game.
VanKuipers and Microsoft declined to comment for this story, so it’s hard to know what they have up their sleeves or why they appear to be playing on these specific fears and doubts. “As an OS vendor, they have access to a lot of information that third parties don’t have, so we’ll see how effective it is for Halo,” Sereday says. The franchise has also almost entirely been released on console, where these types of cheats are significantly more difficult to develop, and vanishingly rare in practice. But one of Halo Infinite’s big selling points was that it would launch on console and PC simultaneously, and with crossplay between the platforms.
Tellingly, within days of launching, the Halo subreddit exploded with complaints about the absence of anti-cheat measures. “I’ve played Halo since day one of the original,” one user wrote, “There is always someone with a modded controller, or [several players] who come in as a group and troll instead of playing to the objective, but never have I EVER seen cheating on this scale.” More than a few gamers—and games publications—have strongly suggested making crossplay optional in order to insulate console players from the fairness issues endemic to PC play.
Whatever the case, kernel drivers (or the absence thereof) are only a piece of the puzzle that keeps multiplayer games fair. “Good security comes in layers,” Sereday says. Game design itself plays a big part in incentivizing positive behavior, while it can also make restarting a fresh character after a ban extra painful. Binary protection—which makes games more difficult to crack open, thereby limiting cheaters’ ability to reverse-engineer them—can act as a first line of defense. It’s something Sereday and Mulasmajic are embarking on in their new venture, Byfron.
Then there are detection methods, which look for what’s happening in the system state and decide if anything seems off. Machine learning makes sure players are acting like humans rather than bots. Device IDs make it harder for banned players to make new accounts with the same hardware. And the nuclear option—lawsuits—are employed to take down cheating rings when they’re discovered. These are only a few of the tools games companies have had to build to ensure some level of fairness in the modern age. But somehow kernel drivers have become both a buzzword and a boogeyman.
Once a critical mass of players believes their losses stem from another person’s unfair advantage, trust is exceedingly difficult to recover. The same applies to preventative measures; the most elegant piece of code will still fail if consumers are reluctant to go along with it. If cheaters continue to escalate their tactics, security engineers may respond in kind, potentially with even more invasive systems. It ultimately comes down to balancing necessity, cost, risk, and perception.
“When we evaluate a new piece of anti-cheat technology, that’s kind of the criteria that we’re assessing,” Chamberlain says. “How are players and the public in general going to react to this idea? Like, are they comfortable with this tradeoff? Sometimes the answer is going to be no.”
Samsung seems to be adopting a new strategy for software updates in Europe
Sideloading One UI builds might become much easier
Samsung’s software updates have been much better over the last few years, with both its speed and longevity rapidly improving. As great as that is, there’s still one part of the company’s update process that remains incredibly frustrating: region fragmentation. Right now, a Galaxy S21 sold in the UK has a different software version from an S21 sold elsewhere in Europe, even though the hardware is the same. Thankfully, Samsung could be looking to change that.
If you’ve ever noticed that our monthly Samsung update roundups often say things like, “so far, this patch has only been spotted in X country,” there’s an easy explanation. Each phone carries a specific “CSC” code that identifies its region. Updates start in specific locations, presumably to avoid damage caused by buggy releases. If you can catch problems before a software patch reaches every region, you mitigate the possible damage caused. That sounds good on the surface, but this software development method presents its own share of problems.
As things are now, moving to another country that uses a different CSC from where you bought your phone causes your update schedule to fall off-schedule. It’s not a deal-breaker, but with some regions occasionally waiting weeks for a security patch other countries already have, it’s not the best user experience. On the development side, testing and deploying multiple versions of the same software is an unnecessary resource drain for Samsung.
According to Galaxy Club, this problem could finally be changing. The 4G variant of the Galaxy A52 had far fewer CSC variants than other phones, a trend that continued with the Galaxy Z Fold3 and Flip3. All the European models seem to share the same CSC, regardless of their origin. Galaxy Club notes that the branded phones in the Netherlands still have different CSCs, but after doing some digging, I can see that the carrier-branded devices in the UK share the same firmware build as unlocked models, so this could vary based on carrier and country.
In addition to those few models from 2021, it seems that Samsung’s 2022 lineup — including the Galaxy A13, A33, A53, and S22 series — will all follow suit. Galaxy Club says these devices are being developed without local CSCs, and with any luck, the company won’t limit this change to just those models.
So, what’s the upside for users? The most significant benefit comes from reducing the resources Samsung spends on preparing these updates. Instead of developing one build per country, it’ll only need to work on one build per region. The time saved with this process will allow Samsung to get these updates ready and out the door quicker than ever before. We’ve already seen what this world could look like: Galaxy S21 received Android 12 in record time, and a change in strategy like this could make Android 13 reach users even faster.
If this does happen, it doesn’t mean that every Galaxy S22 will get simultaneous updates from now on. Hardware differences between phones sold in the US and international regions require separate software variants. Samsung could still decide to divide devices based on location, retaining the ability to triage buggy releases if needed. It remains to be seen what the company will ultimately do here, but hopefully, whatever direction it takes will lead to faster updates for everyone.
There’s a way to delete the frightening amount of data Google has on you
We’ll walk you through how to delete the information Google collects about you, from what you search to your location.
Google may be collecting far more personal data and information than you might realize. Every search you perform and every YouTube video you watch, Google is keeping tabs on you. Google Maps even logs everywhere you go, the route you use to get there and how long you stay, no matter if you have an iPhone or an Android. It can be eye-opening and possibly a little unsettling looking into everything Google knows about you.
Google’s tracking has caught the attention of attorneys general from Indiana, Texas, Washington state and Washington, DC. They allege the search giant makes it “nearly impossible” for people to stop their location from being tracked and accuse the company of deceiving users and invading their privacy. As a result, the attorneys general are suing Google over its use of location data.
Since 2019, Google has made changes to how your location data is collected and the options you have in controlling it. This includes autodelete controls, which allow people to automatically delete their location data on a rolling basis, and an incognito mode in Google Maps, which lets people browse and get directions without Google saving that information.
We’re going to cut through all the clutter and show you how to access the private data Google has on you, as well as how to delete some or all of it. Then we’re going to help you find the right balance between your privacy and the Google services you rely on by choosing settings that limit Google’s access to your information without impairing your experience.
Find out what private information Google considers ‘public’
Chances are, Google knows your name, your face, your birthday, your gender, other email addresses you use, your password and phone number. Some of this is listed as public information (not your password, of course). Here’s how to see what Google shares with the world about you.
1. Open a browser window and navigate to your Google Account page.
2. Type your Google username (with or without “@gmail.com”).
3. From the menu bar, choose Personal info and review the information. You can change or delete your photo, name, birthday, gender, password, other email addresses and phone number.
4. If you’d like to see what information of yours is available publicly, scroll to the bottom and select Go to About me.
5. On this page, each line is labeled with either a people icon (visible to anyone), office building icon (visible only to your organization) or lock icon (visible only to you). Select an item to choose whether to make it public, semipublic or private. There’s currently no way to make your account totally private.
Take a look at Google’s record of your online activity
If you want to see the motherlode of data Google has on you, follow these steps to find it, review it, delete it or set it to automatically delete after a period of time.
If your goal is to exert more control over your data but you still want Google services like search and Google Maps to personalize your results, we recommend setting your data to autodelete after three months. Otherwise, feel free to delete all your data and set Google to stop tracking you. For most of the day-to-day things you do with Google you won’t even notice the difference.
1. Sign in to your Google Account and choose Data & Privacy from the navigation bar.
2. To see a list of all your activity that Google has logged, scroll to History Settings and select Web & App Activity. This is where all your Google searches, YouTube viewing history, Google Assistant commands and other interactions with Google apps and services get recorded.
3.To turn it completely off, move the toggle to the off position. But beware — changing this setting will most likely make any Google Assistant devices you use, including Google Home and Google Nest smart speakers and displays, virtually unusable.
4. If you want Google to stop tracking just your Chrome browser history and activity from sites you sign in to with your Google account, uncheck the first box. If you don’t want Google to keep audio recordings of your interactions with Google Assistant, uncheck the second box. Otherwise, move on to Step 5.
5.To set Google to automatically delete this kind of data either never or every three or 18 months, select Auto-delete and pick the time frame you feel most comfortable with. Google will immediately delete any current data older than the time frame you specify. For example, if you choose three months, any information older than three months will be deleted right away.
6. Once you choose an Auto-delete setting, a pop-up will appear and ask you to confirm. Select Delete or Confirm.
7. Next, select Manage Activity. This page displays all the information Google has collected on you from the activities mentioned in the previous steps, arranged by date, all the way back to the day you created your account or the last time you purged this list.
8. To delete specific days, select the trash can icon to the right of the day, then choose Got it. To get more specific details or to delete individual items, select the three stacked dots icon beside the item then choose either Details or Delete.
9. If you’d rather delete part or all of your history manually, select the three stacked dots icon to the right of the search bar at the top of the page and choose Delete activity by, then choose either Last hour, Last day, All time or Custom range.
10.To make sure your new settings took, head back to Manage Activity and make sure whatever’s there only goes back the three or 18 months you selected.
Access Google’s record of your location history
Perhaps even more off-putting than Google knowing what recipes you’ve been cooking, what vacation destination you’re interested in or how often you check the Powerball numbers, the precision of Google’s record of your whereabouts can be downright chilling, even if you never do anything you shouldn’t.
If you’re signed in to Google Maps on a mobile device, Google is watching your every move. It’s about enough to make you want to leave your phone at home. Thankfully, that’s unnecessary. Here’s how to access, manage and delete your Google location data:
1.Sign in to your Google Account and choose Data & Privacy from the navigation bar.
2.To see a list of all your location data that Google has logged, scroll to History Settings and select Location History.
3. If you want Google to stop tracking your location, turn the toggle on this page to off.
4.To set Google to automatically delete this kind of data either never or every three or 18 months, select Auto-delete, then pick the time frame you feel most comfortable with. Google will delete any current data older than the time frame you specify. For example, if you choose three months, any information older than three months will be deleted immediately.
5. Once you choose an autodelete setting, a popup will appear and ask you to confirm. Select Delete or Confirm.
6. Next, click Manage History. This page displays all the location information Google has collected on you as a timeline and a map, including places you’ve visited and the route you took there and back, as well as frequency and dates of visits.
7. To permanently delete all location history, click on the trash can icon in the lower right corner and choose Delete Location History when prompted. To delete individual trips, select a dot on the map or a bar on the timeline, then on the next page click the trash can icon beside the date of the trip you want to delete.
8.To make sure your location data really disappeared, go back to History Settings, then after Manage History, make sure the timeline in the upper left corner is empty and there are no dots on the map indicating your previous locations.
Manage your YouTube search and watch history
Of all the personal data that Google tracks, your YouTube search and watch history is probably the most innocuous. Not only that, allowing Google to track your YouTube history might have the most obvious benefit to you — it helps YouTube figure out what kind of videos you like so it can dish out more of the type of content you’ll enjoy.
Here’s how to get a look at your YouTube history and, if you want to, how to delete it, either manually or at three- or 18-month intervals. Just like with Web & App Activity, we recommend setting YouTube to purge your data every three months. That’s just long enough that YouTube’s recommendations will stay fresh, but doesn’t leave a years-long trail of personal data lingering behind.
1. Sign in to your Google Account and choose Data & Privacy from the navigation bar.
2. To see a list of all your YouTube data that Google has logged, scroll to History Settings and select YouTube History.
3. If you want Google to stop tracking your YouTube search and viewing history entirely, turn off the toggle on this page. To stop Google from tracking either just the videos you watch or just your searches, uncheck the appropriate box.
4.To set Google to automatically delete your YouTube data either never or every three or 18 months, select Auto-delete and pick the time frame you feel most comfortable with. Google will delete any current data older than the time frame you specify. For example, if you choose three months, any information older than three months will be deleted immediately.
5. Once you choose an autodelete setting, a popup will appear and ask you to confirm. Select Delete or Confirm.
6.Next, click Manage History. This is where every search you make and every video you watch is listed.
7. To delete specific days, select the trash can icon to the right of the day, then choose Got it. To get more specific details or to delete individual items, select the three stacked dots icon, then choose either Delete or Details.
8. If you’d rather delete part or all of your history manually, select the three stacked dots icon to the right of the search bar at the top of the page and choose Delete activity by, then choose either Last hour, Last day, All time or Custom range.
9.To make sure your YouTube data really disappeared, start over with History Settings, then after Manage History,make sure whatever’s there (if you deleted it all there should be nothing) only goes back the three or 18 months you selected.
One more important thing about your privacy
Be forewarned, just because you set Google not to track your online or offline activity doesn’t necessarily mean you’ve closed off your data to Google completely. Google has admitted it can track your physical location even if you turn off location services using information gathered from Wi-Fi and other wireless signals near your phone. Also, just like Facebook has been doing for years, Google can track you even when you’re not signed in.
Not to mention, there are seeming contradictions between Google’s statements on privacy issues. For example, Google has admitted to scanning your Gmail messages to compile a list of your purchases in spite of declaring in a 2018 statement, “To be absolutely clear: No one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.” Perhaps by “no one” Google meant “no human,” but in an age of increasingly powerful AI, such a distinction may be moot.
The point is, it’s ultimately up to you to protect yourself from invasive data practices. These eight smartphone apps can help manage your passwords and obscure your browser data, as well as attend to some other privacy-related tasks. If you have any Google Home smart speakers in your house, here’s how to manage your privacy with Google Assistant.
You can stop Google tracking by changing these settings
Google stores your location and data history when you use any of its apps. Here’s how you can turn that off.
Do you use any of Google’s apps? If so, you’re probably being tracked. Even if you turned off location history on your Google account, you’re not completely in the clear yet. While disabling that setting sounds like a one-and-done solution, some Google apps are still storing your location data. Just opening the Google Maps app or using Google search on any platform logs your approximate location with a time stamp.
Following a 2018 investigation by the Associated Press, however, Google has made it easier to control what location and other data is saved, and what is deleted with features like Your Data in Maps and Search, which give you quick access to your location controls. You just have to know where to look.
Turning off location history only removes where you’ve been from the Google Maps Timeline feature, which logs your location with certain data at a specific time. Google’s support page on the matter says that even when turned off, “some location data may continue to be saved in other settings,” like your web and app activity. Google told us that it uses this data to make features more personalized and helpful, and that this information is never shared with third parties or advertisers. But if you still aren’t comfortable with that, with a few more steps, you can generally stop Google from knowing where you are 24/7.
Just note that turning off this default setting does have some drawbacks. While Google’s settings may seem intrusive to some, they also help cultivate an ultra-personalized online experience, such as helping people find nearby businesses instead of ones in another city, or seeing personalized ads. They help give users more relevant information instead of random information, according to Google.
Here’s how to really turn off Google tracking, and what the outcomes of doing so might be
Turn off Google’s location tracking
To completely shut down Google’s ability to log your location, here’s what to do:
1. Open Google.com on your desktop or mobile browser, and log into your Google account by using the button in the top right corner.
2. Click your user icon in the top right corner and select Manage your Google account.
3. Click Privacy & personalization.
4. Click Things you’ve done and places you’ve been.
5. Click Location history inside the History settings box. This opens Activity Controls.
6. Beneath Location History, click the button on the right that reads Turn off. This opens a pop-up window.
7. Scroll to the bottom of this window and click Pause.
What does this stop Google from storing?
Pausing this setting prevents Google from storing location markers associated with specific actions and stops storing information collected from searches or other activity. Turning it off keeps your approximate location private and other places you go — like your home address.
Note that to use certain features effectively, like the Maps app, Google will still need to access your location. However, completing the steps above prevents it from storing any future activity. When Google timestamps your activity within a general area, it is within a span of more than 1 square mile with typically more than 1,000 users to protect personal privacy. Google’s help page on the matter says this helps them to detect unusual activity, such as a sign-in from another city, while maintaining personal privacy.
However, you can grant Google permission to use your precise location — your exact location, like a specific address — for the best and acutely specific search results for where you are.
Pros and cons of turning off Google tracking
Turning off tracking means you’ll see less relevant ads, less helpful search recommendations and overall get a less-personalized experience using the search engine and its apps and services. For those who enjoy personalized ads, turning off tracking will prevent Google from predicting what you might care about. However, for those who prioritize privacy over everything, turning this setting off may be worth the loss of specificity.
The bottom line: You can maintain your privacy and lose the personalized internet experience, or continue to see relevant ads and search suggestions instead of more random, unfiltered information.
Delete old location history
Disabling tracking will prevent Google from storing new location information, but it doesn’t delete any prior data gathered. Here’s how to delete that information:
1. Open Google.com on your desktop or mobile browser, and log into your Google account by using the button in the top right corner.
2. After logging in, click your user icon in the top right corner and select Manage your Google account.
3. Click Privacy & personalization.
4. Click Things you’ve done and places you’ve been.
5. Click Location history inside the History settings box. This opens Activity Controls.
6. Click Manage history near the bottom of the page. This opens a map with a timeline in the top left corner. The map shows where you’ve been and the timeline shows where you were at what time.
7. To delete your location for a certain date, click the date in the timeline. That date will then be displayed below the timeline. Click the trash icon to the right of the date. In the pop-up window click Delete day.
8. To delete all your location history at once, click the trash icon near the bottom right corner of the map. In the pop-up window, click the box that reads I understand and want to delete all Location History. Click Delete location history.
Stop Google from collecting your web and app activity
If you’ve stopped Google from collecting your web and app activity, Google still has your data from before. Here’s how to delete your previous web and app activity:
1. Open Google.com on your desktop or mobile browser, and log into your Google account by using the button in the top right corner.
2. After logging in, click your user icon in the top right corner and select Manage your Google account.
3. Click Privacy & personalization.
4. Click Things you’ve done and places you’ve been.
5. Click Web & App Activity inside the History settings box. This opens Activity Controls.
6. Click Manage all Web & App Activity near the bottom of the screen.
7. Under Search your activity, click Delete on the right.
8. The new window will display the options to delete your Web & App Activity from the Last hour, Last day, All time or a Custom range. Select All time.
9. A new window will open and ask you to choose which services to delete activity from. Select all is automatically selected, but you can go through and pick and choose which apps or services to delete information from. Click Next when you are happy with your selection.
10. A pop-up window opens which reads Confirm you would like to delete the following activity near the top. Clickthe Delete near the bottom.
11. Click Got it.
For more, check out how to see if Google is tracking you, how much data Google collects, and how to hide where you’re going from Maps. You can also automatically delete your Google history.
Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware
Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems.
That’s according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads.
“This threat actor was able to leave most parts of the attack under the radar by separating the attack into several small files, most of which had very low detection rates by [antivirus] engines, with the final stage leading to Purple Fox rootkit infection,” researcher Natalie Zargarov said.
First discovered in 2018, Purple Fox comes with rootkit capabilities that allow the malware to be planted beyond the reach of security solutions and evade detection. A March 2021 report from Guardicore detailed its worm-like propagation feature, enabling the backdoor to spread more rapidly.
Then in October 2021, Trend Micro researchers uncovered a .NET implant dubbed FoxSocket deployed in conjunction with Purple Fox that takes advantage of WebSockets to contact its command-and-control (C2) servers for a more secure means of establishing communications.
“The rootkit capabilities of Purple Fox make it more capable of carrying out its objectives in a stealthier manner,” the researchers noted. “They allow Purple Fox to persist on affected systems as well as deliver further payloads to affected systems.”
Last but not least, in December 2021, Trend Micro also shed light on the later stages of the Purple Fox infection chain, which involves targeting SQL databases by inserting a malicious SQL common language runtime (CLR) module to achieve a persistent and stealthier execution and ultimately abuse the SQL servers for illicit cryptocurrency mining.
The new attack chain observed by Minerva commences with a Telegram installer file, an AutoIt script that drops a legitimate installer for the chat app and a malicious downloader called “TextInputh.exe,” the latter of which is executed to retrieve next-stage malware from the C2 server.
Subsequently, the downloaded files proceed to block processes associated with different antivirus engines, before advancing to the final stage that results in the download and execution of the Purple Fox rootkit from a now-shut down remote server.
“We found a large number of malicious installers delivering the same Purple Fox rootkit version using the same attack chain,” Zargarov said. “It seems like some were delivered via email, while others we assume were downloaded from phishing websites. The beauty of this attack is that every stage is separated to a different file which are useless without the entire file set.”
Dumping passwords can improve your security — really
Security keys, biometrics and a technology called FIDO are upgrading today’s feeble security foundation.
Brett Pearce/CNET
Editor’s note: In recognition of World Password Day, CNET is republishing a selection of our stories on improving and replacing passwords.
Passwords suck.
They’re hard to remember, hackers exploit their weaknesses and fixes often bring their own problems. Dashlane, LastPass, 1Password and other password managers generate strong and unique passwords for every account you have, but the software is complex. Services from Google, Facebook and Apple allow you to use your passwords for their services at other sites, but you have to give them even more power over your life online. Two-factor authentication, which requires a second passcode sent by text message or retrieved from a special app each time you log in, boosts security dramatically but can still be defeated.
A big change, however, could eliminate passwords altogether. The technology, called FIDO, overhauls the log-in process, combining your phone; face and fingerprint recognition; and new gadgets called hardware security keys. If it delivers on its promise, FIDO will make cringeworthy passwords like “123456” relics of a bygone age.
“A password is something you know. A device is something you have. Biometrics is something you are,” said Stephen Cox, chief security architect of SecureAuth. “We’re moving to something you have and something you are.”
This week, CNET is taking a look at changes that’ll help free us from password problems. Such changes are a massive effort that’ll affect you every time you check email, transfer money or log in to your employer’s network. We look at approaches to authentication that dispense with passwords, the shortcomings of two-factor authentication, the benefits of password managers. We provide some updated password-picking advice, because deeper password improvements will take years to arrive. Finally, my colleague Scott Stein shares a cautionary tale about what can go wrong with a password manager.
Read more: The best password managers of 2020
Passwords are awful
Computer passwords have been fraught since at least the 1960s. Allan Scherr, an MIT researcher, ferreted out the passwords of other researchers so he could use their accounts to continue his “larceny of machine time” for his own project. In the 1980s, University of California, Berkeley astrophysicist Clifford Stohl tracked a German hacker across government and military computers left insecure because administrators didn’t change default passwords.
The nature of passwords prompts us to be lazy. Long, complex passwords, the ones that are the most secure, are the hardest for us to create, remember and type. So many of us default to recycling them.
That’s a huge problem because hackers already have many of our passwords. The Have I Been Pwned service includes 555 million passwords exposed by data breaches. Hackers automate attacks by “credential stuffing,” trying a long list of stolen usernames and passwords to find ones that work.
FIDO fixes
Fast Identity Online, better known as FIDO, addresses these problems. It standardizes the use of hardware devices, such as security keys, for authentication. Yubico, Google, Microsoft, PayPal and Nok Nok Labs, among others, are developing FIDO.
Security keys are digital equivalents of house keys. You plug them in to a USB or Lightning port, allowing a single digital security key to work securely with many websites and apps. The key can dovetail with biometric authentication like Apple’s Face ID or Windows Hello. Some keys can be used wirelessly.
FIDO also lets sites and services replace passwords altogether, a change that could make your login life easier even as it makes hacking harder.
Fans are confident enough to make bold projections about its spread. “Within the next five years, every major consumer internet service will have a passwordless alternative,” says Andrew Shikiar, executive director of the FIDO Alliance, an industry consortium. “The bulk of those will be using FIDO.”
Because it works only with legitimate websites, FIDO stops phishing, a type of security attack in which hackers use a fraudulent email and a bogus site to con you into giving up your log-in information. FIDO also eases company worries about catastrophic data breaches, particularly of sensitive customer information like account credentials. Stolen passwords won’t be enough for a hacker to use to log on, and if FIDO catches on, companies might not require passwords to start with.
Signing on with no password
Here’s one way FIDO-based sign-on works without passwords. You’ll visit a website login page with your laptop, type in your username, plug in your security key, tap a button and then use the laptop’s biometric authentication, like Apple’s Touch ID or Windows Hello.
Conveniently, you’ll also be able to use your phone as a security key. Type in your username, get a prompt on your phone, unlock it, then approve yourself with its biometric authentication system. If you’re using your laptop, the phone communicates over Bluetooth.
FIDO supports the protection provided by multifactor authentication, which requires you to prove your log-in credentials in at least two ways.
How FIDO authentication works
Your first encounter with FIDO likely won’t look much different than two-factor authentication. You’ll first type a conventional password, then plug in or wirelessly connect a FIDO hardware security key.
The process still uses passwords, but it’s more secure than passwords alone or passwords bolstered by codes sent by SMS or retrieved from authenticators like Google Authenticator. This approach — password plus security key — is how you can use FIDO today on Google, Dropbox, Facebook, Twitter and Microsoft services like Outlook.com and eventually Windows.
“Hardware security keys are very, very secure,” said Diya Jolly, chief product officer of authentication service company Okta. That’s why congressional campaigns, the Canadian government’s computing services division and all Google employees use them.
Consumer services today often require you to plug in the keys only when logging in for the first time on a new PC or phone, or when you’re taking a particularly sensitive action like transferring money out of your bank account or changing your password. Of course, a security key can be a hassle if you don’t have it readily available when you need it.
Security keys for sale today include Yubico’s Yubikeys and Google’s Titan. Basic models cost $20, but you’ll spend $40 and up if you want ones supporting USB-C or Lightning ports or wireless communications. Advanced models like Ensurity’s ThinC, the eWBM’s Goldengate G320 and Feitian’s BioPass have built-in fingerprint readers, a feature Yubico is working on, too.
You should buy at least two keys in case you lose, break or forget your main key. With most services, you can register multiple keys, so you can leave one at home or in a safe-deposit box.
Stephen Shankland/CNET
Phones can be security keys, too
Google built FIDO key technology directly into Android in 2019 and did the same with its iPhone software in January. That lets you log in to your Google account on your laptop with a prompt that appears on your phone, as long as it’s within Bluetooth range of your laptop. Expect this approach to spread beyond Google.
Websites and browsers get FIDO authentication with a feature called WebAuthn. FIDO is built into Android so apps can use it, too, and Apple just joined the FIDO Alliance, which bodes well for FIDO support in iPhone apps.
Microsoft is a major supporter, too. It leapfrogged Google by enabling no-password log-in for Outlook, Office, Skype, Xbox Live and other online services. You’ll need a hardware key combined with Windows Hello face recognition technology or fingerprint ID; a hardware key combined with a PIN code; or a phone running Microsoft’s Authenticator app.
FIDO protection against phishing
FIDO uses the public key cryptography technology that’s protected credit card numbers online for decades. A big advantage of this approach is that a FIDO security device — either a hardware security key or a phone acting as one — won’t work with faked websites, a common trap set by hackers when phishing for passwords. Unlike people, who often don’t notice a well-crafted bogus website, security keys are registered to work only with a legitimate site.
“With security keys, instead of the user needing to verify the site, the site has to prove itself to the key,” Mark Risher, a leader of authentication work at Google, wrote in a blog post. Successful phishing attempts dropped to zero at Google after it moved its tens of thousands of employees to security keys.
No passwords also means a decrease in sensitive data for hackers to steal. That’s music to the ears of IT administrators. With FIDO, SecureAuth’s Cox says, companies no longer have “centralized databases of credentials to be stolen.”
Post-password problems
Here’s the bad news. It won’t be easy moving to our passwordless future. We’re all used to passwords, and we’re more or less comfortable with how they work. We all have our own tricks for keeping them sorted.
Setting up security keys is harder than picking a password. It’s complicated because different websites use different procedures to register and use security keys. For example, Twitter lets you use only one hardware security key today, which means backup keys won’t work.
Enrollment — the process of registering a security key with a service — “is a terrible problem,” said Jerrod Chong, chief solutions officer at Yubico, a 12-year-old company that makes security keys and is an important player in the FIDO Alliance. He expects enrollment to improve, though. (Indeed, using security keys has become smoother over the year I’ve been doing so.)
Multiply the number of accounts you have by the number of keys you have, and you’ll get a sense of the key-management hassle you face. Hardware security keys can break or be stolen, too, and Bluetooth keys can run out of batteries.
“Most people are familiar with passwords. It’s something they’ve grown up with. It’s imprinted on them,” said Forrester security analyst Chase Cunningham. “From a consumer level, we’re probably five to seven years out from killing passwords being a reality.”
Inside companies, hardware security keys won’t be an easy sell. They cost money, employees lose or forget them, and, perhaps most importantly, they’re just different from what people are used to. Heck, most people don’t even enable two-factor authentication, even though that would dramatically improve their security.
“Usernames and passwords are still the most prevalent option,” said Matias Woloski, CTO and co-founder of Auth0, which sells authentication services. “Nobody wants to take a shot at not providing that option.”
Making the case for security keys
Still, it’s important to weigh the problems with security keys against those we already face with passwords.
Hardware security keys thwart the large-scale cybercrime that passwords enable. Mechanisms to reset forgotten passwords are expensive and can be exploited by account-stealing hackers. And let’s face it — it’s a practical impossibility to remember strong, unique passwords for all the sites you use.
FIDO-powered security keys and phones and then passwordless logins will improve fundamentally feeble security, says Joe Diamond, Okta‘s vice president of product. “It’s clearly the future.”
Two-Factor & Multi-Factor Authentication: Increasing Security Measures for Your Business
Two-factor authentication (2FA) or multi-factor authentication is one of the extremely reliable kinds of user authentication today, practised to acquire the privilege to access any resource or data (from mailboxes to bank card transactions). Two-step authentication is a much more safe alternative to the regular one-factor authentication (1FA) with the use of a login-password pair, the security of which is presently quite low. There is an enormous number of techniques for hacking and evading password authentication, from social engineering to shared brute-forcing, based on programmed botnets. If cybersecurity is important to your business, keep reading for more on two-factor and multi-factor authentication.
Credits: thecloudpeople.com
In extension, some users practice the same password to sign into all their accounts, which in turn again facilitates the access of hackers to protected data and transactions. The main benefit of two-factor authentication is the extended login security. As for the shortcomings, the major two being the increase in the time of access into the system and the possibility of losing the physical media helping to pass one of the authentication means (mobile phone, U2F key, OTP).
Pros
- Stronger Protection: 2FA is an impressive cybersecurity system that can help you reduce the risk of sensitive data heist and decrease unauthorised access to your personal account. With OTP-based 2FA set up, even though frauds know your email and password, they won’t be able to access your account unless they get your smartphone.
- Low Cost: One of the main pros of 2FA is that it usually needs no spendings to set it up. Many famous online services extend this feature complimentary while some of them even give it by default. For instance, you can protect your Facebook account with two-factor authentication free of cost.
- Easy Set-Up: The other impressive thing about two-factor authentication is that it is remarkably easy to set-up. To facilitate it for your Facebook profile, you have just have to click on Settings, select the Security and Login menu option, and enable 2FA security option. To safeguard your WordPress site, you should install an apt cybersecurity plugin that hands over 2FA.
Cons
- Increased login time: Users have to take an additional step to login into an app or site, increasing time to the login method.
- Integration: 2FA mostly relies on services or hardware administered by third parties, ie, a mobile service provider delivering verification codes through SMS. This sets up a dependency problem, as the firm has no means of managing these external services should a fault occur.
- Maintenance: Continuous maintenance of a 2FA system might turn out to be a chore in the lack of an adept way of administering a database of users and different authentication techniques.
Why Should Businesses Enable 2FA
Two-factor authentication can perform a crucial role in safeguarding your site by preventing many application-based attacks. These consist of brute force and dictionary attacks, in which hackers utilise automated software to set up huge amounts of username/password combinations in order to figure out the credentials of a user.
With 2FA set up, these cyberattacks are pointless—even if hackers are adept to find a user’s password, they still miss out on the second factor of identification required to log in to the application.
Also, two-factor authentication can facilitate applications to resist social engineering attacks like phishing and spear-phishing, which aim to dupe a user into disclosing sensitive information, incorporating their username and password. Even in the event of a successful cyberattack, a hacker would still require the further form of identification requested by a 2FA solution.