Developers: | VK (formerly Mail.ru Group) |
Date of the premiere of the system: | 2021/12/22 |
Last Release Date: | 2022/11/16 |
Technology: | Information Security - Information Security, Authentication - Information Leakage Prevention |
Content |
The main articles are:
2022
Strengthen account security with two-factor authentication
November 16, 2022 VK shared the results of the launch of the program for to protection users of its digital services VK Protect, which was launched at the end of 2022. Earlier in its framework, the company expanded its application, two-factor authentication allowed users to more flexibly manage their own, data began to notify about leaks passwords in third-party - services and much more.
Taking safety care of users is a top priority for VK. The audience only (Vkontakte as of November 2022) is more than 100 million in, person world this is a large one. VK social network in Russia realizes that it has a great responsibility for the security of each of the users. Therefore, VK not only grows technological expertise, but also implements updates to provide them in advanced ways, data protection and also conducts a number of educational initiatives aimed at developing a digital culture, noted Rustem Gazizov, Director of VK Customer Protection, Director of VKontakte Security.
|
According to VK, the number of VKontakte users who connected two-factor authentication increased by 30%. In Odnoklassniki, this figure increased by 12% over the same period. In the Post Mail.ru - by 9%. Since 2022, more than 5 million users of VK services have connected two-factor authentication.
Two-factor authentication provides protection by adding an additional step of login verification (via SMS, calling or using a one-time password generator). According to VK, the vast majority of hacking attempts were initiated on accounts that do not have two-factor authentication, which confirms the effectiveness of this security measure. In VK services, as well as partners, two-factor authentication is provided through a single VK ID login system.
Two-factor authentication is one of the most effective measures to reduce the risk of account compromise. However, at the same time, users, unfortunately, rarely think about connecting this function until they themselves become victims of hacking. The password can fall into hand to the malefactor in different ways, for example, as a result. phishing attacks In addition, password leaks occur regularly, and databases with leaked data are often publicly available, and if a person uses the same password in different services, then his accounts are at risk. Therefore, VK, a partner in, managed to information security increase the number of protected users so significantly in less than a year, |
Since the launch in August 2022, initiatives to notify users of the need to change their password due to the discovery of it in the databases of leaks of third-party services, more than 1.5 million profiles have received such alerts. And after complicating password requirements, more than 3.5 million users changed passwords to more complex ones through the VK ID cabinet. VK regularly analyzes compromised databases and promptly notifies users of the leak. This process is fully automated, all information is processed exclusively in encrypted form.
Implementation of the function to protect accounts and personal data
As part of the VK Protect data protection program, the social network has introduced a special function to protect users' accounts and personal information from unscrupulous developers of third-party applications. This was announced by VKontakte on April 12, 2022.
This feature will help protect personal data from unfair use and leaks, as well as prevent profile hacking through potentially dangerous applications that can be used to malicious actions, send spam and collect confidential information.
For security reasons, the protection feature will be enabled by default for VKontakte users on Android devices. It will not affect the operation of the official VK application, as well as alternative clients from third-party developers - if the applications were created using open API methods allowed by the social network. Their developers can contact VKontakte Support to add reliable security features to alternative applications and secure the service audience.
Updates have become part of the global VK Protect initiative - it brings together all the technology solutions that provide protection in VK ecosystem services. The updated feature is available on Android and is based on SafetyNet technology.
VKontakte supports the initiative of the Association of Professional Users of Social Networks and Instant Messengers (APPSIM) and caring Internet users in the fight against pirated applications. The social network team has always paid attention to security issues, in particular, we have been developing a protection function against such services for a long time, and at the beginning of April 2022, a really relevant time for its launch.
The security of users and their data is a key priority for our team. We are well aware of the importance of going ahead and finding solutions to protect against threats before they cause harm. Responsible for a monthly audience of more than 100 million users, we do not forget about the human factor. At first glance, it is not always easy to recognize a fraudster: the promises of special functions like the opportunity to watch "page guests" can outweigh the feeling of self-preservation. And if we can block such attackers on our platform, it is important to create special technical solutions for external threats. This is how the protection function appeared. We expect that it will help significantly increase the security of VKontakte users, said Alexander Tobol, technical director of VKontakte.
|
VK products are based on openness, security and convenience of information dissemination. In 2021, we launched an updated user data protection program - VK Protect. Its goal is to help people effectively manage privacy and use tools to protect information. We approach the issue of security comprehensively: we are engaged not only in providing technical protection, but also in education. VK unites large communication sites in the country, |
2021: VK Protect launch
VK on December 22, 2021 launched a program to protect users and their data - VK Protect. The program will combine all the technical solutions that provide protection within the VK ecosystem and help people manage privacy and use tools to protect information.
We create a comprehensive system for improving user security. Our goal is not just to provide technical protection for profiles and data using existing tools, such as two-factor authentication and, enciphering but also to help people use them competently. VK unites the largest communication platforms in, to the country so we can increase the level of security awareness and responsible attitude to our data among all users, "said RuNetAnton Antropov VK's information security director. |
As part of VK Protect, the company has expanded the use of two-factor authentication. Thanks to VK ID, it is available in all services of the VK ecosystem, where there is authorization through a single account, as well as when entering third-party partner sites and applications. Improved protection is available to the entire multi-million VK ecosystem audience. You can connect it in the settings of your personal account VK ID.
For VKontakte community administrators with more than 10,000 subscribers, two-factor authentication will be mandatory in February 2022. There are more than 140 thousand such communities on the site for December 2021. This will help further protect communities where administrators have not yet enabled two-factor authentication.
Single services are safer and more reliable than dozens of different accounts, each of which must be monitored separately. In your personal VK ID account, you can manage projects connected to your account, end VK ID sessions - or change your password if you notice suspicious activity. Two-factor authentication is another additional layer of protection for everyone, - said Rustem Gazizov, director of information security at VKontakte. |
In early 2021, the Center will appear in the personal account of VK ID. It will be possible to connect options to improve the security of your account and find out how to responsibly manage your data. For example, you can evaluate the security status of your VK ID account and get personal recommendations for data protection. In addition, it will have flexible settings for privacy and access levels.
Our products are based on openness, security and convenience of information dissemination. We constantly fight phishing and notify our users as quickly as possible of any suspicious activity. We plan to continue to develop this direction - to invest even more resources in it and actively educate Runet users, "added Olga Frolova, Director of Ecosystem Products at VK. |
As part of the VK Protect initiative, it is also planned to restart the program for payments to security researchers (Bug Bounty) VKontakte and VK ID: it will be expanded, and the level of remuneration will be increased.