Report: The bigger the company, the messier the password practices

A new report from password management company LogMeIn finds that the bigger the enterprise, the bigger the problem when it comes to managing passwords. The company’s recently released Global Password Security Report scores its 43,000 customers on password strength, reuse, and use of multi-factor authentication. While the average score equaled a 52 out of 100 — a score LogMeIn considers to be good — the numbers generally showed the larger the company, the lower the average security score. The report pins the trend on the fact that more employees bring more passwords and unsanctioned apps, as well as extra opportunities for dangerous password behaviors. “Passwords continue to be a challenge to cybersecurity in the workplace, and attacks continue to grow in number and complexity every year. Despite these threats, businesses have struggled to quantify their own level of password risk,” said Gerald Beuchelt, Chief Information Security Officer at LogMeIn. That level of risk […]

The post Report: The bigger the company, the messier the password practices appeared first on Cyberscoop.


Yubico’s latest authentication keys get the jump on a ‘passwordless’ future

Yubico, the Swedish-American company that helped popularize key-shaped physical authentication tokens, has released a new line of products geared toward passwordless logins that give users secure access to software and online services without typing anything. The company’s fifth generation of YubiKeys works with the new FIDO2 protocol in addition to other authentication methods. The result is that they “can be used alone for strong single-factor authentication, requiring no username or password to login — just tap or touch to authenticate,” Yubico said Monday. Use of FIDO2 is supported by major browsers such as Google Chrome, Mozilla Firefox and Microsoft Edge. YubiKey integration is also available with popular platforms like Google, Facebook and Twitter. FIDO was developed by an alliance of technology companies to allow users to simply plug in or tap an authenticator key instead of using a static password. Companies are now slowly adopting the standard into their products. The combination of methods […]

The post Yubico’s latest authentication keys get the jump on a ‘passwordless’ future appeared first on Cyberscoop.


State Department scores an F on 2FA security

Senators have discovered that the State Department is breaking the law by not using multi-factor authentication in its emails.

Senators want answers on State Department’s glaring cybersecurity gaps

The State Department must do more to shore up its cybersecurity posture, according to a bipartisan group of senators. The department is woefully behind on hitting various federal cybersecurity benchmarks, and it is weak on basic measures to protect against phishing, hacks and other cyberattacks, wrote Ron Wyden, D-Ore., Cory Gardner, R-Colo., Ed Markey, D-Mass., Rand Paul, R-Ky., and Jeanne Shaheen, D-N.H., in a letter to Secretary Mike Pompeo. The letter cites two recent reports: The department’s inspector general found last year that 33 percent of diplomatic missions failed to conduct even the most basic cyberthreat management practices, like regular reviews and audits. Also, the General Services Administration found that the department has only instituted enhanced access controls on 11 percent of agency devices. The Federal Cybersecurity Enhancement Act requires agencies to enable multi-factor authentication (MFA) for elevated privileged accounts. “We urge you to improve compliance by enabling more secure authentication mechanisms across […]

The post Senators want answers on State Department’s glaring cybersecurity gaps appeared first on Cyberscoop.


Experts Call for Transparency Around Google’s Chinese-Made Security Keys

Google’s Titan Security Keys, used to lock down accounts, are produced in China. Several experts want more answers on that supply chain process, for fears of tampering or security issues.

Listening Watch sounds out security idea with websites that listen

Listening Watch, a project based on earlier work by researchers Prakash Shrestha and Nitesh Saxena, uses the power of sound to log you into your favourite websites.

Reconsidering Identity Security: The T Mobile® Breach

A week ago today another massive corporation was the target of a hacking attempt: telecom company T Mobile®. The company was targeted by a reportedly “international” hacking group. The attack was successful, with almost 2 million T Mo…

Definition of Multi-factor Authentication

With data breaches taking up headlines from Wired to the New York Times, it is now more important than ever to secure user identities. It is estimated that breaches will cost companies $2.1 trillion in 2019. That’s enough money to buy Apple—…

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.

New vuln in Microsoft Active Directory lets attackers bypass multi-factor authentication

A vulnerability in Microsoft’s popular identity management directory could let an attacker breach multiple employee accounts in an organization by circumventing multi-factor authentication, according to new research from identity security company Okta. The directory in question is Microsoft’s Active Directory Federation Services (ADFS), which allows business partners from different organizations to sign in to shared web applications. A weakness in the multi-factor authentication protocol for ADFS means that a hacker equipped with a user’s password and second “factor,” such as an SMS message, could use that factor in place of any other employee’s in the organization, according to Okta. To breach another user in the organization, the hacker would need access to his or her user name and password on the same ADFS service. “Simply put, if just one employee in a global company wanted to – or if a bad actor compromised the account of one employee – they […]

The post New vuln in Microsoft Active Directory lets attackers bypass multi-factor authentication appeared first on Cyberscoop.
