PSD2 Authentication Requirements: The Implementation Hurdles

Data Breach Today

14 deadline for compliance with the new PSD2 "strong customer authentication" requirements for electronic payments, it may take a while for European consumers to notice authentication changes

The Vision for Omnichannel Authentication

Data Breach Today

Enterprises today have many digital ways of interacting with their customers - and therefore just as many ways for authenticating those users and transactions. Sesh Venkataraman of CA Technologies explains the business value of omnichannel authentication solutions

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

Krebs on Security

says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. As it happened, the PCM employee was not using multi-factor authentication.

The Vision for Omnichannel Authentication

Data Breach Today

Enterprises today have many digital ways of interacting with their customers - and therefore just as many ways for authenticating those users and transactions. Sesh Venkataraman of CA Technologies explains the business value of omnichannel authentication solutions

The Growth of Adaptive Authentication

Data Breach Today

OneSpan's Tim Bedard on Evolutionary Strategies and Controls The right authentication controls at the right time for the right transactions - the adaptive authentication message is taking off, says OneSpan's Tim Bedard.

The Vision for Omnichannel Authentication

Data Breach Today

Enterprises today have many digital ways of interacting with their customers - and therefore just as many ways for authenticating those users and transactions. Sesh Venkataraman of CA Technologies explains the business value of omnichannel authentication solutions

The Road to Adaptive Authentication

Data Breach Today

Tim Bedard of OneSpan answers this question in his analysis of ISMG's new State of Adaptive Authentication in Banking survey

Using Blockchain for Authentication

Data Breach Today

In an interview, Rohas Nagpal, a chief architect at Primechain Technologies, describes how blockchain can be used for authentication and pinpoints areas where blockchain is not the ideal technology. He'll be a featured speaker at ISMG's Security Summit in Mumbai Thursday

Authenticating in the Age of IoT

Data Breach Today

Nok Nok Lab's Philip Dunkelberger on Why Traditional Authentication Won't Work With the advent of the internet of things, authentication needs to be far more scalable, says Phillip Dunkelberger, CEO of Nok Nok Labs

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. APP-BASED AUTHENTICATION.

Here's Why Account Authentication Shouldn't Use SMS

Data Breach Today

Database Blunder Left Two-Step Codes, Account Reset Links Exposed A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over.

The Future of Adaptive Authentication in Financial Services

Data Breach Today

Key findings from a recent study that surveyed the state of adaptive authentication in FIs. In this webinar, OneSpan and ISMG summarize key findings from a recent study that surveyed the state of adaptive authentication

Mastercard on the Evolution of Authentication

Data Breach Today

Fraud schemes have migrated in recent years, exposing inherent vulnerabilities in how most organizations authenticate users. Diego Szteinhendler of Mastercard outlines new strategies and tools for evolving authentication practices beyond solely payments security

Reddit Says Attackers Bypassed SMS-Based Authentication

Data Breach Today

Yes, Reddit Was Breached; No, Don't Dump Multifactor Authentication Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system.

State of the Authentication Landscape

Data Breach Today

Shane Weeden, and authentication expert with IBM Security, discusses the future of authentication and why he's encouraged by the FIDO2 initiative As we approach 2019, is it realistic to think the end of our dependency on traditional user names and passwords is in sight?

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

authentication email maninthemiddleattacks phishing twofactorauthentication

Revamping Authentication With Automation and ML

Data Breach Today

Automation and machine learning can be leveraged to make identity-driven authentication a smoother process, says Saryu Nayyar, co-founder and CEO at Gurucul, a behavioral analytics company

FFIEC Final Authentication Guidance

Data Breach Today

The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment

Hackers bypassed vein based authentication with a fake hand

Security Affairs

A couple of researchers demonstrated how to bypass vein based authentication using a fake hand build from a photo. Vein based authentication scan invisible vein pattern (i.e. SecurityAffairs – vein based authentication, hacking).

Good Primer on Two-Factor Authentication Security

Schneier on Security

Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. authentication twofactorauthentication usabilityWhile it's often an important security measure, it's not a panacea.

Authentication in the Era of Trusted Identity

Data Breach Today

OneSpan's David Vergara on the Combined Power of Legacy and Emerging Technologies At the advent of real-time payments, it's more critical than ever for organizations to quickly authenticate users and transactions.

8 Ways to Authenticate Without Passwords

Dark Reading

Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

The Last Watchdog

The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. An Israeli start-up, Silverfort , is seeking to make a great leap forward in the state-of-the-art of authentication systems. Silverfort has introduced new technology that is designed to help corporations address unprecedented authentication exposures spinning out of ‘digital transformation.’.

WhatsApp fixes Face ID and Touch ID authentication bypass

Security Affairs

WhatsApp recently implemented Face ID and Touch ID authentication for Apple iOS app, but unfortunately, it can be easily bypassed. Below the step by step procedure to bypass the authentication. SecurityAffairs – iOS Face ID, authentication bypass flaw).

Authentication Bypass Bug Hits Top Enterprise VPNs

Threatpost

Vulnerabilities Web Security authentication bypass Cisco cookie storage Encryption f5 Palo Alto Patches pulse secure VPNs vulnerabilityBusiness users of Cisco, F5 Networks, Palo Alto Networks and Pulse Secure platforms are impacted, according the U.S. government.

Skype Glitch Allowed Android Authentication Bypass

Threatpost

Mobile Security Vulnerabilities Android Android Security authentication bypass Mobile security skypeA glitch allowed hackers to access contacts, photos and more on Android devices - simply by answering a Skype call.

How the Anonymous Artist Bansky Authenticates His or Her Work

Schneier on Security

Details of the work, the authenticating agency, a bit of embossing and a large impressive signature at the bottom. The Di Faced Tenner is doing all the authentication heavy lifting here. Interesting scheme : It all starts off with a fairly bog standard gallery style certificate.

Authentication and the Have I Been Pwned API

Troy Hunt

I highlighted 3 really important attributes at the time of launch: There is no authentication. In the end, the path forward was clear - the API would need to be authenticated.

Security Snapshot: OS, Authentication, Browser & Cloud Trends

Dark Reading

New research shows cloud apps are climbing, SMS authentication is falling, Chrome is the enterprise browser favorite, and Android leads outdated devices

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

Schneier on Security

Hill again: They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user's account, that phone number became targetable by an advertiser within a couple of weeks.

Financial Fraud Drives Multi-Factor Authentication Market

Rippleshot

Among those trends is the multi-factor authentication market that continues to see new investments as financial fraud rises. In North America alone — the top multi-factor authentication market — it's already more than a $1.8

Flaw allowing identity spoofing affects authentication based on German eID cards

Security Affairs

The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The cards could be used to authenticate the holder via the RFID chip, in this scenario, it is possible to use an eID application (i.e.

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

Schneier on Security

Transaction authentication is used to defend against these adversaries. This new iOS feature creates problems for the use of SMS in transaction authentication. apple authentication banking ios sms twofactorauthentication usability

Intelligent Authentication Market Grows to Meet Demand

Dark Reading

Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance

WordPress Plugin Facebook Widget affected by authenticated XSS

Security Affairs

Security experts at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in Facebook Widget. The post WordPress Plugin Facebook Widget affected by authenticated XSS appeared first on Security Affairs.

Organizations Are Adapting Authentication for Cloud Applications

Dark Reading

Companies see the changing demands of cloud identity management but are mixed in their responses to those demands

Incentives and Multifactor Authentication

Adam Shostack

It’s well known that adoption rates for multi-factor authentication are poor. For example, “ Over 90 percent of Gmail users still don’t use two-factor authentication.” ” Someone was mentioning to me that there are bonuses in games. You get access to special rooms in Star Wars Old Republic. There’s a special emote in Fortnite. Above). How well do these incentives work? Are there numbers out there? compliance product management Security Usability

Yet Another Bypass: Is 2FA Broken? Authentication Experts Weigh In

Threatpost

A penetration testing tool called Modlishka can defeat two-factor authentication in the latest 2FA security issue. Featured Malware Mobile Security Privacy Vulnerabilities Web Security 2FA Biometrics defeat future ideas is it broken modlishka security roundtable Two Factor AuthenticationWe asked a roundtable of experts what it all means.

Google Adds Two-Factor Authentication For Its Apps on iOS

Dark Reading

Android-based two-factor authentication now works for Google applications on iPad and iPhone

Enhanced FIDO Authentication Standard Expands to the Browser

Data Breach Today

A new version of the FIDO authentication standard is designed to enable the elimination of passwords for a broader range of devices, says Phil Dunkelberger, CEO of Nok Nok Labs, who describes the latest developments