Using Blockchain for Authentication

Data Breach Today

In an interview, Rohas Nagpal, a chief architect at Primechain Technologies, describes how blockchain can be used for authentication and pinpoints areas where blockchain is not the ideal technology. He'll be a featured speaker at ISMG's Security Summit in Mumbai Thursday.

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

Here's Why Account Authentication Shouldn't Use SMS

Data Breach Today

Database Blunder Left Two-Step Codes, Account Reset Links Exposed. A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over.

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

State of the Authentication Landscape

Data Breach Today

Shane Weeden, an authentication expert with IBM Security, discusses the future of authentication and why he's encouraged by the FIDO2 initiative. As we approach 2019, is it realistic to think the end of our dependency on traditional user names and passwords is in sight?

Reddit Says Attackers Bypassed SMS-Based Authentication

Data Breach Today

Yes, Reddit Was Breached; No, Don't Dump Multifactor Authentication. Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system.

Hackers bypassed vein based authentication with a fake hand

Security Affairs

A couple of researchers demonstrated how to bypass vein based authentication using a fake hand built from a photo. Vein based authentication scans invisible vein pattern (i.e.

Revamping Authentication With Automation and ML

Data Breach Today

Automation and machine learning can be leveraged to make identity-driven authentication a smoother process, says Saryu Nayyar, co-founder and CEO at Gurucul, a behavioral analytics company.

Good Primer on Two-Factor Authentication Security

Schneier on Security

Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. While it's often an important security measure, it's not a panacea.

FFIEC Final Authentication Guidance

Data Breach Today

The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.

Authentication in the Era of Trusted Identity

Data Breach Today

OneSpan's David Vergara on the Combined Power of Legacy and Emerging Technologies. At the advent of real-time payments, it's more critical than ever for organizations to quickly authenticate users and transactions.

Skype Glitch Allowed Android Authentication Bypass

Threatpost

A glitch allowed hackers to access contacts, photos and more on Android devices - simply by answering a Skype call.

Flaw allowing identity spoofing affects authentication based on German eID cards

Security Affairs

The authentication process via German eID cards with RFID chips is flawed; an attacker could impersonate any other citizen. The cards could be used to authenticate the holder via the RFID chip; in this scenario, it is possible to use an eID application (i.e.

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

Schneier on Security

Hill again: They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user's account, that phone number became targetable by an advertiser within a couple of weeks.

Incentives and Multifactor Authentication

Adam Shostack

It’s well known that adoption rates for multi-factor authentication are poor. For example, “Over 90 percent of Gmail users still don’t use two-factor authentication.” Someone was mentioning to me that there are bonuses in games. You get access to special rooms in Star Wars Old Republic. There’s a special emote in Fortnite. How well do these incentives work? Are there numbers out there?

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

Schneier on Security

Transaction authentication is used to defend against these adversaries. This new iOS feature creates problems for the use of SMS in transaction authentication.

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

The Last Watchdog

The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. An Israeli start-up, Silverfort, is seeking to make a great leap forward in the state-of-the-art of authentication systems. Silverfort has introduced new technology that is designed to help corporations address unprecedented authentication exposures spinning out of ‘digital transformation.’

Yet Another Bypass: Is 2FA Broken? Authentication Experts Weigh In

Threatpost

A penetration testing tool called Modlishka can defeat two-factor authentication in the latest 2FA security issue. We asked a roundtable of experts what it all means.

Amber Authenticate Protects Video Footage From Deepfakes and Tampering

WIRED Threat Level

Amber Authenticate wants to fix that—with the blockchain. Many of the body cameras worn by police are woefully vulnerable to hacking and manipulation.

More firms find biometric authentication to be most reliable method

Information Management Resources

Lower costs and improved user experience are fueling the rising interest in biometric authentication.

Enhanced FIDO Authentication Standard Expands to the Browser

Data Breach Today

A new version of the FIDO authentication standard is designed to enable the elimination of passwords for a broader range of devices, says Phil Dunkelberger, CEO of Nok Nok Labs, who describes the latest developments.

Authentication Grows Up

Dark Reading

Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed

Beyond Security: 4 Authentication Considerations For The Identity Revolution

Data Breach Today

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

Threatpost

This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building (CVE-2018-8340).

Phishing Attack Bypasses Two-Factor Authentication

Dark Reading

Hacker Kevin Mitnick demonstrates a phishing attack designed to abuse multi-factor authentication and take over targets' accounts.

Can two-factor authentication save us from our inability to create good passwords?

IT Governance

Perhaps it’s time we finally push for the widespread adoption of two-factor authentication. What is two-factor authentication? This may sound complicated, but anyone with a bank card has been using two-factor authentication for years.

Reddit Hack: Attack Bypasses 2-Factor Authentication

Adam Levin

The hacker or hackers bypassed the site’s 2-Factor Authentication associated with several employees credentialed to access sensitive data and used that access to take email addresses, server logs, and a decade-old database containing logins and passwords.

NEW TECH: Silverfort extends ‘adaptive multi-factor authentication’ via key partnerships

The Last Watchdog

Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Silverfort’s innovation is a delivery system that enables this added measure of authentication to be delivered across many complex, dynamic systems on an as-needed basis. “We can assess whether or not it is the real user before we even trigger multi factor authentication,” Kovetz says. “We

Podcast Episode 134: The Deep Fake Threat to Authentication and analyzing the PEAR Compromise

The Security Ledger

They risk undermining a range of voice and image based authentication technologies. But experts like our first guest, Vijay Balasubramaniyan of the firm PinDrop, say that deep fakes are almost certain to become more common and pose risks not just to social stability, but also to a wide variety of image and voice based authentication technologies.

Facebook Is Beefing Up Its Two-Factor Authentication

WIRED Threat Level

The update, now available to most users, comes several months after Facebook was criticized for spamming users' two-factor authentication phone numbers.

How to Secure Your Accounts With Better Two-Factor Authentication

WIRED Threat Level

Two-factor authentication is a must, but don't settle for the SMS version. Use a more secure authenticator app instead.

Security pros need to move beyond broken two-factor authentication

Information Management Resources

Attacker sophistication is increasing, the cost of circumventing 2FA methods is decreasing, and any organization that settles for this 'good enough' authentication is vulnerable.

NEW TECH: How ‘adaptive multi-factor authentication’ is gaining traction via partnerships

The Last Watchdog

Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Silverfort’s innovation is a delivery system that enables this added measure of authentication to be delivered across many complex, dynamic systems on an as-needed basis. “We can assess whether or not it is the real user before we even trigger multi factor authentication,” Kovetz says. “We

Instagram’s New Security Tools are a Welcome Step, But Not Enough

Krebs on Security

On Tuesday, the Facebook-owned social network said it is in the process of rolling out support for third-party authentication apps. New two-factor authentication options Instagram says it is rolling out to users over the next few weeks. Scroll down and tap Two-Factor Authentication.

Google Employees Use a Physical Token as Their Second Authentication Factor

Schneier on Security

Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. Users might be asked to authenticate using their security key for many different apps/reasons.

libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers

Threatpost

The flaw (CVE-2018-10933) affects thousands of servers; but GitHub, a major libssh user, is unaffected.

Not All Multifactor Authentication Is Created Equal

Dark Reading

Users should be aware of the strengths and weaknesses of the various MFA methods.

US Judge: Police Can't Force Biometric Authentication

Dark Reading

Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.

10 Steps for Creating Strong Customer Authentication

Dark Reading

Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.

The bleak picture of two-factor authentication adoption in the wild

Elie

This post looks at two-factor authentication adoption in the wild, highlights the disparity of support between the various categories of websites, and illuminates how fragmented the two factor ecosystem is in terms of standard adoption. How prevalent is 2FA authentication?