Yubico pushes an enterprise security plan geared toward corporate America

Yubico is trying to go corporate. The authentication company behind the YubiKey, a physical token that users rely on to access devices in a secure way, on Tuesday announced YubiEnterprise Services. It’s a subscription service meant to attract business clients and persuade them to buy batches of YubiKeys, rather than buying one at a time. It’s a big play for the company, which has been widely hailed for giving average people a way to protect their email accounts from phishing, access an array of websites with a strong second factor of authentication, and sign and decrypt protected messages without making their data vulnerable. Yubico is marketing the new service as a way for enterprise security teams to streamline product shipments, inventory management and other key-related tasks by organizing those tasks in a cloud-based Yubico platform. The company has not said whether companies will receive a discount on YubiKeys by buying them in […]

The post Yubico pushes an enterprise security plan geared toward corporate America appeared first on CyberScoop.


Duo CEO Dug Song: We have to make security simple

Duo Security CEO Dug Song kept it simple Tuesday when he described the last decade in cybersecurity. “It sucked,” Song told the crowd at the Zero Trust Security Summit presented by Duo and produced by FedScoop and CyberScoop. The next decade doesn’t have to be that way, he says, because the technology ecosystem has the tools it needs to make security as seamless and easy to use as possible. Architectures like zero trust can become more commonplace, giving enterprises simple ways to protect themselves against the most familiar threats. At the core, it’s about ensuring that users and devices are connecting only with the data that they need. In a sit-down with CyberScoop on the sidelines of the summit, Song talked about the evolution of zero trust, how the cybersecurity market is changing, and how cybersecurity can be better woven into campaign operations. The title of the event is the Zero Trust Security Summit. “Zero trust” […]

The post Duo CEO Dug Song: We have to make security simple appeared first on CyberScoop.


What ‘Have I been Pwned?’ taught DHS’s internal cyber chief about passwords

A website that informs users if their email address has been swept up in a data breach isn’t just popular with vigilant business owners or private security sleuths. The man charged with protecting the Department of Homeland Security’s systems from hackers also maintains an account on the “Have I been Pwned?” website, and it regularly reminds him of the risks passwords pose. “I get emails from this website on a monthly or basis,” DHS CISO Paul Beckman said Tuesday at the Zero Trust Security Summit presented by Duo and produced by FedScoop and CyberScoop. “That’s how often my username and password is getting compromised.” Beckman said he registered both his personal and DHS emails on the website. The good news for him is that he uses a “second factor” — something like a SMS message or an authentication app — to log into his accounts and keep hackers out of […]

The post What ‘Have I been Pwned?’ taught DHS’s internal cyber chief about passwords appeared first on CyberScoop.


Boing Boing says hacker got around 2FA in breaching its content management system

Boing Boing, a popular blog and news aggregator with deep roots on the internet, said Monday that an unknown attacker had used a hacked account of one of its team members to spread malicious code. The hacker was able to get around two-factor authentication — an extra security measure — to log into the Boing Boing content management system (CMS) software. From there, the attacker installed a widget that redirected Boing Boing visitors to a malicious web page, the publication said in a statement under the tagline, “We Wuz Hacked.” Founded three decades ago as a zine, Boing Boing is an irreverent and wide-ranging news site that embraced blogging long before it became popular. Contributors to the self-styled “Directory of Wonderful Things” have long promoted sound security practices. In May 2019, for example, co-editor Cory Doctorow blogged about a Google study touting the benefits of 2FA. Boing Boing said the breach occurred around midday Friday and that, once the issue […]

The post Boing Boing says hacker got around 2FA in breaching its content management system appeared first on CyberScoop.


RNC, DNC bank on Duo authentication ahead 2020 election

The Republican National Committee is relying on authentication tools and careful social media behavior in order to avoid a devastating data breach like the kind that derailed its Democratic counterparts in 2016. The RNC, which develops and promotes the party’s platform and currently supports President Donald Trump’s re-election campaign, is banking on Duo Security, which specializes in multi-factor authentication, to keep state-sponsored hackers out of party accounts, according to recent Federal Election Commission filings. Even if a user’s password credentials are stolen, an extra layer of authentication can ensure that only the legitimate account holder could access his or her communications. Since March of this year, the RNC has paid just over $1,000 per month to Duo, according to FEC filings. The RNC started using Duo in 2016, just days before the election. And it’s not just email account access the RNC is trying to protect — the RNC uses multiple layers of authentication to protect other […]

The post RNC, DNC bank on Duo authentication ahead 2020 election appeared first on CyberScoop.


Twitter, tightening security, stops requiring phone numbers for authentication

Twitter says it will allow users to remove their phone numbers from the secure login process, a move that has triggered widespread praise from the security community. Users can now use a one-time code, an app or a physical security key as a second factor of authentication into their account. Before Thursday, Twitter customers trying to log in in a secure way could only enter their username and password, then ask the site to send them an SMS message to verify their identity. The company also forced users who did use a third-party authentication app to use their phone number to sign up. Facebook announced in May 2018 it would stop requiring phone numbers for multi-factor authentication. Now, amid a growing body of evidence hackers can subvert text-based authentication, Twitter is expanding its options. We’re also making it easier to secure your account with Two-Factor Authentication. Starting today, you can […]

The post Twitter, tightening security, stops requiring phone numbers for authentication appeared first on CyberScoop.


Credential Theft: How It Works and How to Mitigate It

In the spirit of National Cybersecurity Awareness Month, we’re running a three-part series on how to shore up identity security and help prevent a data breach. In our first post below, we’ll take a look at how credential theft really works …