INDUSTRY INSIGHTS YOUR PEERS ARE READING
OneSpan's David Vergara on the Combined Power of Legacy and Emerging Technologies At the advent of real-time payments, it's more critical than ever for organizations to quickly authenticate users and transactions. MORE
The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. An Israeli start-up, Silverfort , is seeking to make a great leap forward in the state-of-the-art of authentication systems. Silverfort has introduced new technology that is designed to help corporations address unprecedented authentication exposures spinning out of ‘digital transformation.’. MORE
The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks MORE
Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. authentication twofactorauthentication usabilityWhile it's often an important security measure, it's not a panacea. MORE
He rightly points out that biometric authentication systems -- like Apple's Face ID and fingerprint authentication -- augment passwords rather than replace them. authentication biometrics passwords MORE
When it comes to providing a trusted customer environment, banks are typically better at resolving problems stemming from non-predictive authentication and fraud than preventing them. At this point, they’ve already taken up a minute or more of the customer’s valuable time using knowledge-based authentication (KBA) methods that, quite frankly, can no longer assure that the person on the other end of the line is who they say they are. Prevention vs. clean up. MORE
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct MORE
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords MORE
Vulnerabilities Web Security Active Directory Federation Services adfs bypass Credentials CVE-2018-8340 Microsoft multi-factor authentication Okta patch Phishing vulnerabilityThis is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building. MORE
A hacker has compromised Reddit's systems and was able to make away with email addresses and account credentials. Hacks Web Security breach compromise Credentials hack Reddit reddit hack SMS sms intercept Stolen Credentials Two-factor authenticaiton MORE
Researchers crack voice authentication systems by recreating any voice using under ten minutes of sample audio. Black Hat Hacks Black Hat 2018 google Lyrebird machine learning Microsoft's Speaker Recognition API Siri Tacotron Voice Match Youtube MORE
Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Silverfort’s innovation is a delivery system that enables this added measure of authentication to be delivered across many complex, dynamic systems on an as-needed basis. We can assess whether or not it is the real user before we even trigger multi factor authentication,” Kovetz says. “We MORE
Hill again: They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user's account, that phone number became targetable by an advertiser within a couple of weeks. MORE
"Password-killing" authentication efforts may be on a road to nowhere. Breach Cloud Security Cryptography IoT Privacy Web Security alternatives Authentication Biometrics fido Password password killer passwords in use Troy Hunt webauthn MORE
Google software engineer reveals lack of user adoption for stronger authentication MORE
Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption. MORE
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started MORE
The hacker or hackers bypassed the site’s 2-Factor Authentication associated with several employees credentialed to access sensitive data and used that access to take email addresses, server logs, and a decade-old database containing logins and passwords. MORE
In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 Android phone can be reduced by up to 70% using this novel acoustic side-channel. authentication cellphones hacking passwords phones sidechannelattacks MORE
Government Privacy Videos American Civil LIberties Union ASIS International biometric authentication biometric database facial ID facial recognition RealNetworks Robie.AI Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. SureID MORE
The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment MORE
Attacker sophistication is increasing, the cost of circumventing 2FA methods are decreasing, and any organization that settles for this 'good enough' authentication is vulnerable. Data security Cyber security Encryption MORE
Yes, Reddit Was Breached; No, Don't Dump Multifactor Authentication Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system. MORE
Cisco also pushed out seven high-severity fixes for its SD-WAN solution for business users, and a patch for a DoS flaw in the Cisco Nexus 9000 Series Fabric Switches. Vulnerabilities Cisco critical vulnerabilities Patches policy suite sd-wan Wireless carriers MORE
If we are destined to interact with the smart systems around us using our voice, how exactly will we manage to authenticate to those devices? If we are destined to interact with the smart systems around us using our voice, how exactly will we manage to authenticate to those devices? Semafone won the recent PAYMNTS.com Voice Challenge with a way to use Amazon’s Alexa voice assistant as an out of band authentication mechanism. Authenticate me! MORE
Two-factor authentication is a must, but don't settle for the SMS version. Use a more secure authenticator app instead. Security MORE
The update, now available to most users, comes several months after Facebook was criticized for spamming users' two-factor authentication phone numbers. Security MORE
Hacker Kevin Mitnick demonstrates a phishing attack designed to abuse multi-factor authentication and take over targets' accounts MORE
Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed MORE
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help MORE
proof of authenticity. Easy to prove authenticity builds up trust for all parties. Blockchain Proof of Authenticity for Kofax Capture is available for pre-release from: [link]. MORE
What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. APP-BASED AUTHENTICATION. MORE
Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. Users might be asked to authenticate using their security key for many different apps/reasons. MORE
Transaction authentication is used to defend against these adversaries. This new iOS feature creates problems for the use of SMS in transaction authentication. apple authentication banking ios sms twofactorauthentication usability MORE
Shane Weeden, and authentication expert with IBM Security, discusses the future of authentication and why he's encouraged by the FIDO2 initiative As we approach 2019, is it realistic to think the end of our dependency on traditional user names and passwords is in sight? MORE
Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Silverfort’s innovation is a delivery system that enables this added measure of authentication to be delivered across many complex, dynamic systems on an as-needed basis. We can assess whether or not it is the real user before we even trigger multi factor authentication,” Kovetz says. “We MORE
A new version of the FIDO authentication standard is designed to enable the elimination of passwords for a broader range of devices, says Phil Dunkelberger, CEO of Nok Nok Labs, who describes the latest developments MORE
Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., MORE
Password-sharing persists, but at least multifactor authentication usage is up. Hacks Most Recent ThreatLists Privacy Web Security global businesses LastPass mfa multifactor authentication password hygiene password sharing security score the report threatlist MORE
Users should be aware of the strengths and weaknesses of the various MFA methods MORE
Names, email addresses, and some phone numbers belonging to 21 million people exposed in Timehop intrusion; Macy's incident impacts 'small number' of customers MORE
Cloud Security Vulnerabilities Web Security authentication bypass flaw CVE-2018-10933 github libssh Open Source Server takeover vulnerabilityThe flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected. MORE
On Tuesday, the Facebook -owned social network said it is in the process of rolling out support for third-party authentication apps. New two-factor authentication options Instagram says it is rolling out to users over the next few weeks. Scroll down and tap Two-Factor Authentication. MORE
Authentication Related Topics Data Breach Today
NOVEMBER 6, 2018
Shane Weeden, and authentication expert with IBM Security, discusses the future of authentication and why he's encouraged by the FIDO2 initiative As we approach 2019, is it realistic to think the end of our dependency on traditional user names and passwords is in sight?
Krebs on Security
AUGUST 1, 2018
What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. APP-BASED AUTHENTICATION.
Data Breach Today
AUGUST 2, 2018
Yes, Reddit Was Breached; No, Don't Dump Multifactor Authentication Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system.
Schneier on Security
AUGUST 22, 2018
Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. authentication twofactorauthentication usabilityWhile it's often an important security measure, it's not a panacea.
Data Breach Today
NOVEMBER 15, 2017
The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment
Data Breach Today
JULY 6, 2018
OneSpan's David Vergara on the Combined Power of Legacy and Emerging Technologies At the advent of real-time payments, it's more critical than ever for organizations to quickly authenticate users and transactions.
The Last Watchdog
JUNE 28, 2018
The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. An Israeli start-up, Silverfort , is seeking to make a great leap forward in the state-of-the-art of authentication systems. Silverfort has introduced new technology that is designed to help corporations address unprecedented authentication exposures spinning out of ‘digital transformation.’.
The Last Watchdog
OCTOBER 22, 2018
Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Silverfort’s innovation is a delivery system that enables this added measure of authentication to be delivered across many complex, dynamic systems on an as-needed basis. We can assess whether or not it is the real user before we even trigger multi factor authentication,” Kovetz says. “We
Schneier on Security
JUNE 20, 2018
Transaction authentication is used to defend against these adversaries. This new iOS feature creates problems for the use of SMS in transaction authentication. apple authentication banking ios sms twofactorauthentication usability
The Last Watchdog
NOVEMBER 1, 2018
Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Silverfort’s innovation is a delivery system that enables this added measure of authentication to be delivered across many complex, dynamic systems on an as-needed basis. We can assess whether or not it is the real user before we even trigger multi factor authentication,” Kovetz says. “We
Dark Reading
SEPTEMBER 4, 2018
Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed
Data Breach Today
APRIL 11, 2018
A new version of the FIDO authentication standard is designed to enable the elimination of passwords for a broader range of devices, says Phil Dunkelberger, CEO of Nok Nok Labs, who describes the latest developments
Data Breach Today
JUNE 4, 2018
Dark Reading
MAY 10, 2018
Hacker Kevin Mitnick demonstrates a phishing attack designed to abuse multi-factor authentication and take over targets' accounts
Adam Levin
AUGUST 3, 2018
The hacker or hackers bypassed the site’s 2-Factor Authentication associated with several employees credentialed to access sensitive data and used that access to take email addresses, server logs, and a decade-old database containing logins and passwords.
WIRED Threat Level
JULY 22, 2018
Two-factor authentication is a must, but don't settle for the SMS version. Use a more secure authenticator app instead. Security
WIRED Threat Level
MAY 23, 2018
The update, now available to most users, comes several months after Facebook was criticized for spamming users' two-factor authentication phone numbers. Security
Threatpost
AUGUST 14, 2018
Vulnerabilities Web Security Active Directory Federation Services adfs bypass Credentials CVE-2018-8340 Microsoft multi-factor authentication Okta patch Phishing vulnerabilityThis is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.
Dark Reading
OCTOBER 30, 2018
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help
Threatpost
OCTOBER 17, 2018
Cloud Security Vulnerabilities Web Security authentication bypass flaw CVE-2018-10933 github libssh Open Source Server takeover vulnerabilityThe flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected.
Dark Reading
OCTOBER 11, 2018
Users should be aware of the strengths and weaknesses of the various MFA methods
Krebs on Security
AUGUST 29, 2018
On Tuesday, the Facebook -owned social network said it is in the process of rolling out support for third-party authentication apps. New two-factor authentication options Instagram says it is rolling out to users over the next few weeks. Scroll down and tap Two-Factor Authentication.
Information Management Resources
MAY 1, 2018
Attacker sophistication is increasing, the cost of circumventing 2FA methods are decreasing, and any organization that settles for this 'good enough' authentication is vulnerable. Data security Cyber security Encryption
Schneier on Security
JULY 26, 2018
Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. Users might be asked to authenticate using their security key for many different apps/reasons.
Dark Reading
JULY 19, 2018
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started
Threatpost
AUGUST 10, 2018
Researchers crack voice authentication systems by recreating any voice using under ten minutes of sample audio. Black Hat Hacks Black Hat 2018 google Lyrebird machine learning Microsoft's Speaker Recognition API Siri Tacotron Voice Match Youtube
Dark Reading
JUNE 25, 2018
The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks
Dark Reading
JANUARY 23, 2018
Google software engineer reveals lack of user adoption for stronger authentication
Dark Reading
SEPTEMBER 19, 2018
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct
Document Imaging Report
JULY 5, 2018
proof of authenticity. Easy to prove authenticity builds up trust for all parties. Blockchain Proof of Authenticity for Kofax Capture is available for pre-release from: [link].
Krebs on Security
JULY 23, 2018
Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g.,
Threatpost
AUGUST 1, 2018
A hacker has compromised Reddit's systems and was able to make away with email addresses and account credentials. Hacks Web Security breach compromise Credentials hack Reddit reddit hack SMS sms intercept Stolen Credentials Two-factor authenticaiton
The Security Ledger
JULY 10, 2018
If we are destined to interact with the smart systems around us using our voice, how exactly will we manage to authenticate to those devices? If we are destined to interact with the smart systems around us using our voice, how exactly will we manage to authenticate to those devices? Semafone won the recent PAYMNTS.com Voice Challenge with a way to use Amazon’s Alexa voice assistant as an out of band authentication mechanism. Authenticate me!
Threatpost
JULY 19, 2018
Cisco also pushed out seven high-severity fixes for its SD-WAN solution for business users, and a patch for a DoS flaw in the Cisco Nexus 9000 Series Fabric Switches. Vulnerabilities Cisco critical vulnerabilities Patches policy suite sd-wan Wireless carriers
Dark Reading
FEBRUARY 19, 2013
When it comes to providing a trusted customer environment, banks are typically better at resolving problems stemming from non-predictive authentication and fraud than preventing them. At this point, they’ve already taken up a minute or more of the customer’s valuable time using knowledge-based authentication (KBA) methods that, quite frankly, can no longer assure that the person on the other end of the line is who they say they are. Prevention vs. clean up.
Schneier on Security
NOVEMBER 5, 2018
He rightly points out that biometric authentication systems -- like Apple's Face ID and fingerprint authentication -- augment passwords rather than replace them. authentication biometrics passwords
Threatpost
NOVEMBER 5, 2018
"Password-killing" authentication efforts may be on a road to nowhere. Breach Cloud Security Cryptography IoT Privacy Web Security alternatives Authentication Biometrics fido Password password killer passwords in use Troy Hunt webauthn
Threatpost
NOVEMBER 12, 2018
Government Privacy Videos American Civil LIberties Union ASIS International biometric authentication biometric database facial ID facial recognition RealNetworks Robie.AI Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. SureID
Dark Reading
NOVEMBER 15, 2017
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords
Dark Reading
JULY 9, 2018
Names, email addresses, and some phone numbers belonging to 21 million people exposed in Timehop intrusion; Macy's incident impacts 'small number' of customers
Schneier on Security
AUGUST 1, 2018
Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption.
Threatpost
OCTOBER 2, 2018
Password-sharing persists, but at least multifactor authentication usage is up. Hacks Most Recent ThreatLists Privacy Web Security global businesses LastPass mfa multifactor authentication password hygiene password sharing security score the report threatlist
Schneier on Security
SEPTEMBER 5, 2018
In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 Android phone can be reduced by up to 70% using this novel acoustic side-channel. authentication cellphones hacking passwords phones sidechannelattacks
130 
Let's personalize your content