Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

Krebs on Security

says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. As it happened, the PCM employee was not using multi-factor authentication.

The Vision for Omnichannel Authentication

Data Breach Today

Enterprises today have many digital ways of interacting with their customers - and therefore just as many ways for authenticating those users and transactions. Sesh Venkataraman of CA Technologies explains the business value of omnichannel authentication solutions

The Growth of Adaptive Authentication

Data Breach Today

OneSpan's Tim Bedard on Evolutionary Strategies and Controls The right authentication controls at the right time for the right transactions - the adaptive authentication message is taking off, says OneSpan's Tim Bedard.

The Vision for Omnichannel Authentication

Data Breach Today

Enterprises today have many digital ways of interacting with their customers - and therefore just as many ways for authenticating those users and transactions. Sesh Venkataraman of CA Technologies explains the business value of omnichannel authentication solutions

The Road to Adaptive Authentication

Data Breach Today

Tim Bedard of OneSpan answers this question in his analysis of ISMG's new State of Adaptive Authentication in Banking survey

Using Blockchain for Authentication

Data Breach Today

In an interview, Rohas Nagpal, a chief architect at Primechain Technologies, describes how blockchain can be used for authentication and pinpoints areas where blockchain is not the ideal technology. He'll be a featured speaker at ISMG's Security Summit in Mumbai Thursday

Mastercard on the Evolution of Authentication

Data Breach Today

Fraud schemes have migrated in recent years, exposing inherent vulnerabilities in how most organizations authenticate users. Diego Szteinhendler of Mastercard outlines new strategies and tools for evolving authentication practices beyond solely payments security

Here's Why Account Authentication Shouldn't Use SMS

Data Breach Today

Database Blunder Left Two-Step Codes, Account Reset Links Exposed A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over.

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. APP-BASED AUTHENTICATION.

The Future of Adaptive Authentication in Financial Services

Data Breach Today

Key findings from a recent study that surveyed the state of adaptive authentication in FIs. In this webinar, OneSpan and ISMG summarize key findings from a recent study that surveyed the state of adaptive authentication

State of the Authentication Landscape

Data Breach Today

Shane Weeden, and authentication expert with IBM Security, discusses the future of authentication and why he's encouraged by the FIDO2 initiative As we approach 2019, is it realistic to think the end of our dependency on traditional user names and passwords is in sight?

Reddit Says Attackers Bypassed SMS-Based Authentication

Data Breach Today

Yes, Reddit Was Breached; No, Don't Dump Multifactor Authentication Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system.

Financial Fraud Drives Multi-Factor Authentication Market

Rippleshot

Among those trends is the multi-factor authentication market that continues to see new investments as financial fraud rises. In North America alone — the top multi-factor authentication market — it's already more than a $1.8

Revamping Authentication With Automation and ML

Data Breach Today

Automation and machine learning can be leveraged to make identity-driven authentication a smoother process, says Saryu Nayyar, co-founder and CEO at Gurucul, a behavioral analytics company

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

authentication email maninthemiddleattacks phishing twofactorauthentication

Hackers bypassed vein based authentication with a fake hand

Security Affairs

A couple of researchers demonstrated how to bypass vein based authentication using a fake hand build from a photo. Vein based authentication scan invisible vein pattern (i.e. SecurityAffairs – vein based authentication, hacking).

Authentication and the Have I Been Pwned API

Troy Hunt

I highlighted 3 really important attributes at the time of launch: There is no authentication. In the end, the path forward was clear - the API would need to be authenticated.

FFIEC Final Authentication Guidance

Data Breach Today

The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment

WhatsApp fixes Face ID and Touch ID authentication bypass

Security Affairs

WhatsApp recently implemented Face ID and Touch ID authentication for Apple iOS app, but unfortunately, it can be easily bypassed. Below the step by step procedure to bypass the authentication. SecurityAffairs – iOS Face ID, authentication bypass flaw).

8 Ways to Authenticate Without Passwords

Dark Reading

Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment

Security Snapshot: OS, Authentication, Browser & Cloud Trends

Dark Reading

New research shows cloud apps are climbing, SMS authentication is falling, Chrome is the enterprise browser favorite, and Android leads outdated devices

Authentication in the Era of Trusted Identity

Data Breach Today

OneSpan's David Vergara on the Combined Power of Legacy and Emerging Technologies At the advent of real-time payments, it's more critical than ever for organizations to quickly authenticate users and transactions.

Authentication Bypass Bug Hits Top Enterprise VPNs

Threatpost

Vulnerabilities Web Security authentication bypass Cisco cookie storage Encryption f5 Palo Alto Patches pulse secure VPNs vulnerabilityBusiness users of Cisco, F5 Networks, Palo Alto Networks and Pulse Secure platforms are impacted, according the U.S. government.

Good Primer on Two-Factor Authentication Security

Schneier on Security

Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. authentication twofactorauthentication usabilityWhile it's often an important security measure, it's not a panacea.

Skype Glitch Allowed Android Authentication Bypass

Threatpost

Mobile Security Vulnerabilities Android Android Security authentication bypass Mobile security skypeA glitch allowed hackers to access contacts, photos and more on Android devices - simply by answering a Skype call.

How the Anonymous Artist Bansky Authenticates His or Her Work

Schneier on Security

Details of the work, the authenticating agency, a bit of embossing and a large impressive signature at the bottom. The Di Faced Tenner is doing all the authentication heavy lifting here. Interesting scheme : It all starts off with a fairly bog standard gallery style certificate.

Flaw allowing identity spoofing affects authentication based on German eID cards

Security Affairs

The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The cards could be used to authenticate the holder via the RFID chip, in this scenario, it is possible to use an eID application (i.e.

Intelligent Authentication Market Grows to Meet Demand

Dark Reading

Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

Schneier on Security

Hill again: They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user's account, that phone number became targetable by an advertiser within a couple of weeks.

Organizations Are Adapting Authentication for Cloud Applications

Dark Reading

Companies see the changing demands of cloud identity management but are mixed in their responses to those demands

Incentives and Multifactor Authentication

Adam Shostack

It’s well known that adoption rates for multi-factor authentication are poor. For example, “ Over 90 percent of Gmail users still don’t use two-factor authentication.” ” Someone was mentioning to me that there are bonuses in games. You get access to special rooms in Star Wars Old Republic. There’s a special emote in Fortnite. Above). How well do these incentives work? Are there numbers out there? compliance product management Security Usability

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

The Last Watchdog

The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. An Israeli start-up, Silverfort , is seeking to make a great leap forward in the state-of-the-art of authentication systems. Silverfort has introduced new technology that is designed to help corporations address unprecedented authentication exposures spinning out of ‘digital transformation.’.

Google Adds Two-Factor Authentication For Its Apps on iOS

Dark Reading

Android-based two-factor authentication now works for Google applications on iPad and iPhone

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

Schneier on Security

Transaction authentication is used to defend against these adversaries. This new iOS feature creates problems for the use of SMS in transaction authentication. apple authentication banking ios sms twofactorauthentication usability

Yet Another Bypass: Is 2FA Broken? Authentication Experts Weigh In

Threatpost

A penetration testing tool called Modlishka can defeat two-factor authentication in the latest 2FA security issue. Featured Malware Mobile Security Privacy Vulnerabilities Web Security 2FA Biometrics defeat future ideas is it broken modlishka security roundtable Two Factor AuthenticationWe asked a roundtable of experts what it all means.

Office 365 Multifactor Authentication Done Right

Dark Reading

Why the ubiquitous nature of Office 365 poses unique challenges for MFA-based security and how organizations can protect themselves

Enhanced FIDO Authentication Standard Expands to the Browser

Data Breach Today

A new version of the FIDO authentication standard is designed to enable the elimination of passwords for a broader range of devices, says Phil Dunkelberger, CEO of Nok Nok Labs, who describes the latest developments

Amber Authenticate Protects Video Footage From Deepfakes and Tampering

WIRED Threat Level

Amber Authenticate wants to fix that—with the blockchain. Many of the body cameras worn by police are woefully vulnerable to hacking and manipulation. Security

Authentication Grows Up

Dark Reading

Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed

Beyond Security: 4 Authentication Considerations For The Identity Revolution

Data Breach Today