Episode 245: How AI is remaking knowledge-based authentication

The Security Ledger

Six decades in, password use has tipped into the absurd, while two-factor authentication is showing its limits. We talk with Matt Salisbury of Honeybadger HQ, which is using AI and machine learning to re-imagine knowledge-based authentication. 60 years in, passwords at a breaking point.

Bank Attacks Put Password Insecurity Back in the Spotlight

The Security Ledger

Two separate attacks on banks in the United States and Pakistan revealed this week highlight once again the inherent weakness of a security practice that relies on passwords or knowledge-based credentials to protect critical information.

E-Verify’s “SSN Lock” is Nothing of the Sort

Krebs on Security

After verifying my email address, I was asked to pick a strong password and select a form of multi-factor authentication (MFA). Password reset questions selected, the site proceeded to ask four, multiple-guess “knowledge-based authentication” questions to verify my identity.

Experian, You Have Some Explaining to Do

Krebs on Security

In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account.

Class Action Targets Experian Over Account Security

Krebs on Security

So had their passwords and account PIN and secret questions. Both had used password managers to pick and store complex, unique passwords for their accounts. To be clear, Experian does have a business unit that sells one-time password services to businesses.

FIDO - Leading the Zero Trust Passwordless Authentication Evolution

Thales Cloud Protection & Licensing

It’s no secret that passwords have become one of the weakest links in enterprise security. While password guessing and brute force attempts are still a risk, cybercriminals no longer need to go through the trouble. Protecting credentials with biometric or secured devices eliminates the risk of human error related to passwords.

How to Use MITRE ATT&CK to Understand Attacker Behavior

eSecurity Planet

MITRE ATT&CK (“miter attack”) is an up-to-date and widely-used knowledge base that focuses on how attackers think and operate. It’s based on practical use cases, so companies can better evaluate security issues and get examples of common tactics and techniques used by threat actors.