Two Factor and Multifactor Authentication Strategies
- February 18, 2020
With RSA Conference just around the corner, Dell announced it has agreed to sell RSA to private equity firm Symphony Technology Group for approximately $2 billion.
- October 09, 2019
Twitter used two-factor authentication information, including email addresses and phone numbers, to target ads for an unknown number of people over an unknown period of time.
- June 17, 2019
Yubico recalled YubiKey FIPS series devices after discovering an issue leading to reduced randomness in values generated by the keys, which are used by federal agencies.
- May 17, 2019
Google product manager Christiaan Brand discusses the journey to making 1.5 billion Android devices work as 2FA security keys and the plan for the future.
- February 08, 2019
The Department of Defense awards a $2.4 million contract to Twosense.AI in order to create a behavioral biometrics system that can replace the current ID card system.
- February 07, 2019
Reinvesting in SOCs and crafting clear risk appetite statements made the list of Gartner's top security and risk management trends. Experts sound off on what's driving these trends.
- February 06, 2019
Google's head of account security, Mark Risher, discusses the various types of 2FA and how new options of WebAuthn and U2F are going to be game changers for enterprise.
- February 06, 2019
Although some types of two-factor authentication have been found to be vulnerable, Google's Mark Risher says 2FA adoption should be the baseline of security for all enterprises.
- October 09, 2018
The government domain registrar -- DotGov -- began rolling out two-factor authentication for officials managing .gov domains in order to mitigate against DNS hijacking.
- October 08, 2018
This week's Risk & Repeat podcast discusses the latest controversy for Facebook, which has been using two-factor authentication numbers for advertising purposes.
- August 03, 2018
Using two-factor authentication with one-time passwords sent via SMS has come under question again after a Reddit breach was blamed on the faulty 2FA method.
- July 24, 2018
Successful phishing attempts have been eliminated among Google employees following a requirement to use physical security keys in order to gain access to all Google accounts.
- April 27, 2018
When it comes to biometrics, security coexists with stupidity, unless implementers take the time to understand the limits, according to Adam Englander at RSAC 2018.
- April 24, 2018
As network perimeter security grows less practical, Akamai talks at RSA Conference about moving beyond firewalls to improve authentication with a zero-trust model.
- April 10, 2018
W3C and the FIDO Alliance have given websites a new tool for doing FIDO-compliant authentication, as the WebAuthn authentication protocol is promoted to W3C Candidate Recommendation.
- February 23, 2018
Facebook came under fire after a two-factor authentication bug sent non-security notifications to users' phones, sparking a debate about media coverage and 2FA adoption.
- October 20, 2017
Google's Advanced Protection Program greatly increases the security of user accounts, but the usability tradeoffs may not be worth it for average users.
- June 21, 2017
At the 2017 Cloud Identity Summit, Ping Identity launched a new software development kit that will embed multifactor authentication security features in mobile apps.
- May 05, 2017
News roundup: Attackers exploit SS7 vulnerability and drain bank accounts. Plus, Trump signs government IT executive order, an Intel AMT flaw threatens millions and more.
- April 07, 2017
CA Strong Authentication brings inexpensive multi- and two-factor authentication to businesses looking to protect mobile applications and devices and to prevent identity theft.
- February 16, 2017
Yubico founder and CEO Stina Ehrensvard spoke with SearchSecurity at RSAC 2017 about FIDO authentication and how Google uses it to secure logins and cut costs.
- February 03, 2017
News roundup: Google updates G Suite with stronger authentication. Plus, WordPress secretly patches vulnerabilities, malware is likely to infect entire OSes, and more.
- January 17, 2017
Researchers saw a Gmail phishing campaign in the wild using clever tricks to access accounts including a difficult 2FA bypass only possible in real time.
- September 29, 2016
Citing a long list of transgressions, Mozilla prepares to sanction Chinese certificate authority WoSign by removing it from its list of trusted certificate issuers.
- July 26, 2016
America's National Institute for Standards and Technology is advising the deprecation of using SMS-based two-factor authentication in order to improve security.
- May 26, 2016
Microsoft speeds deprecation of SHA-1, Google dropping support for RC4, SSLv3, as web software publishers approach end of life for obsolete cryptographic algorithms and protocols.
- December 23, 2015
Increasing desire to be rid of SHA-1-signed certificates causes Google to join Microsoft, Mozilla in a likely acceleration of Chrome SHA-1 deprecation by six months.
- August 14, 2015
Dropbox announced it is strengthening login options with support for universal 2nd factor (U2F) security keys with the aim of making two-step verification faster and easier.
- August 04, 2015
Identity and access management deployments are notoriously complex. And things are getting worse as legacy technology meets next-generation applications. As the traditional network perimeter continues to disappear, robust IAM becomes more important ...
- July 27, 2015
A glaring error in the Steam password recovery system allowed hackers to take over accounts for Valve's popular gaming platform.
- June 11, 2015
Agencies from U.S. and U.K. governments now support the FIDO Alliance and its open standards for passwordless authentication.
- June 05, 2015
News roundup: New settings and options to boost user privacy and security are emerging on major websites, but is it enough?
- April 24, 2015
The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues.
- March 10, 2015
The mobile payment app maker responds to criticism by stepping up security with better verifications and notifications for email and phone number changes.
- December 09, 2014
Amid growing fears of stolen credentials and data breaches, the FIDO Alliance released its long-awaited 1.0 specifications for passwordless and multifactor authentication systems.
- September 17, 2014
Following a high-profile leak of celebrity photos, Apple has moved to improve its iCloud two-factor authentication mechanisms.
- September 11, 2014
Facebook's director of security operations says women can have successful careers in information security, and more diversity can help shift the playing field toward security defenders rather than attackers.
- September 03, 2014
Apple's decision to not extend its two-factor authentication security mechanism to all iCloud services may leave users more vulnerable to attacks
- August 29, 2014
News roundup: Endpoint antimalware has been long considered ineffective, yet a recent IDC report projects endpoint security growth. What gives? Plus: AWS Zocalo, new gTLDs, QR code authentication and more.
- July 08, 2014
Following the collapse of an AWS-based cloud hosting provider, experts say enterprises should prioritize use of multifactor authentication.
- April 30, 2013
McAfee introduces two new identity and access management (IAM) products.
- April 23, 2013
The 2013 Verizon data breach report details how authentication attacks affect organizations of all sizes, blaming single-factor passwords.
- August 01, 2012
Investigators believe some of the Web-based storage service's accounts were compromised following a password breach at another website.
- March 01, 2012
RSA Conference 2012 panelists discussed court rulings on liability for hacked bank accounts, and gave advice to security pros for protecting financial assets.
- January 16, 2012
While the RSA SecurID breach cost EMC’s security division more than $60 million, executives admit it could take years to restore its tarnished image.
- June 07, 2011
Following a retooling of its manufacturing and supply chain management processes, RSA plans to replace security tokens for high risk customers.
- June 02, 2011
Security pros advocate a reassessment of security processes and technologies in the wake of breaches that may be tied to RSA SecurID weaknesses.
- April 27, 2011
In the wake of the RSA SecurID breach, a vendor survey finds a reduced level of confidence in the security provided by tokens.
- March 18, 2011
Experts say the risk of an attack that exploits stolen proprietary data on RSA's SecurID products is low, but it can't be completely dismissed until attack details are revealed.
- March 17, 2011
Company warns customers that SecurID product data was stolen in sophisticated attack.
- February 16, 2011
nuBridges announced its Tokenization as a Service (TaaS) cloud-based data tokenization service, and promised customers ownership of their data even if they cancel the service.
- February 15, 2011
PhoneFactor has been selected by Microsoft to provide multifactor authentication for HealthVault users.
- March 04, 2010
Merchants see value in the technology helping to reduce the scope of a PCI assessment, but a lack of standards and complexity issues are a cause for concern.
- February 10, 2010
Expanding use of verification questions prompts concerns about privacy issues, but businesses say KBA has been vital in reducing fraud.
- January 21, 2010
The telephone-based out-of-band authentication vendor adds voice recognition technology for banks, government agencies.
- November 04, 2009
Password stealing Trojans, keyloggers and other malware are reaping account credentials by the thousands forcing some to rethink password policies and develop new defenses.
- September 22, 2009
The encryption-token service could compete against vendors offering format preserving encryption to secure payment transactions.
- March 16, 2009
A new USB-like device, hardened with security features, could overtake one-time password devices and give end users flash memory to carry around encrypted data.
- April 02, 2008
Kerberos is a dominant authentication protocol, embedded in Windows, Solaris and multiple Linux flavors. But with new threats and new technology, an upgrade is in order.
- April 02, 2008
Kerberos is one of the most-widely used authentication methods today, but experts explain that it comes with some weaknesses.
- December 12, 2007
Big Blue is melding automated features from its lightweight Express version in what it says should simplify deployments and ease end user pain.
- December 10, 2007
Companies that identify, monitor, report and investigate audit trails and conduct risk analytics are taking the right steps to protect critical data, according to one expert.
- May 22, 2007
While more organizations are seeking database authentication and encryption technologies, others are turning to database monitoring to secure data.
- January 30, 2007
Security vendor Entrust Inc. will enter the hardware token market selling a $5 one-time password device. Experts say the move could reduce prices across the industry.
- February 14, 2006
Microsoft's chairman outlined a future where code is written more securely and passwords are no more. Can his company get us there?
- January 06, 2006
HOT PICK: Security is enhanced through ID-Synch's ability to enforce strong password policy across platforms. But that's not the only benefit.
- March 01, 2004
Enterprises have hardened their perimeters with VPNs, firewalls and intrusion detection systems, but organizations need to focus more on securing routing protocols.
- August 03, 2003
Combining device-based authentication technology with existing user-based authentication would be appealing for many organizations, but technical details remain unclear.
- June 17, 2003
Liquid Machines' identity management software helps enterprises reach compliance with federal data control and monitoring regulations, leading off this edition of Quick Takes.
- December 10, 2002
Smart cards are increasingly popular means of accessing computer networks. But they're not immune to attack.
- March 18, 2002
SearchSecurity invited author and security expert Dr. Richard Smith to speak about authentication and his recently published book on the subject last month. We ran out of time during the Webcast for him to answer several questions from the audience,...