Collaborate Disseminate
Twitter has added the ability to authenticate to the service using hardware tokens such as Yubico’s YubiKey. Continue reading Twitter introduces another way for you to better secure your account
In the Security News this week, shutting down the Internet to prevent cheating, Yubico claims a bug bounty and upsets researchers, patching MRI scanners, getting your money back after being scammed, and a couple is caught selling golden tickets to heav… Continue reading Golden Tickets, 911 Callers, and Hacking Therapy – Paul’s Security Weekly #565
Yubico announced the certification and availability of the YubiKey FIPS Series, a product line that meets cryptographic security requirements of the Federal Information Processing Standard (FIPS) 140-2. FIPS 140-2 is a US government computer security s… Continue reading Yubico launches FIPS 140-2 validated YubiKey series
Yubico has been drawn into a rare public spat over how the discovery of a security flaw affecting it products was credited. Continue reading Researchers claim Chrome bug bounty paid to the wrong people
Cybersecurity hardware company Yubico has had a year marked by new investment, new tech and big customers including Google and Facebook. But the most frequent customer question has remained: Can I use this thing with my damn iPhone? The answer is now “yes.” Yubico announced on Tuesday a new YubiKey software development kit for iOS, allowing app developers to integrate the hardware key’s near field communication (NFC) authentication into their apps. That is, the small device doesn’t have to touch the phone to help authenticate a user, as it does with personal computers. The first iOS app to offer YubiKey support is popular multiplatform password manager LastPass. The process works with a YubiKey NEO model, which has NFC built in. CyberScoop used a beta version prior to the company’s announcement and found it to be as straightforward as plugging a YubiKey into a laptop or using it via NFC with an Android device. The company, which is based in both California and […]
The post YubiKey arrives on iOS appeared first on Cyberscoop.
To push two-factor authentication into the future, one expert says we need to look back 50 years. The way to increase adoption of the security practice is to mimic the rise of seat belts in automobiles, says Yubico CEO Stina Ehrensvard. People must evolve in their thinking about sensitive accounts and personal data in the same way that society expanded its awareness of the need for auto safety, Ehrensvard says. “In the ’50s, there were 10 times less cars, but more fatal accidents,” Ehrensvard said during a panel at SF CyberTalks presented by CyberScoop. “We put out the car without the seat belts, without the crumple zones, without the airbags, and now they are standard features in cars. Because of that work, the car is safer.” One thing that consumers probably don’t want to mimic: The timespan it took for safety belts to become a fact of life. They were introduced in the 1950s, but were not required by […]
The post Yubico CEO: Two-factor authentication should mirror seat belt’s history appeared first on Cyberscoop.
Continue reading Yubico CEO: Two-factor authentication should mirror seat belt’s history
Yubico announced that the new Security Key by Yubico supporting FIDO2 will be supported in Windows 10 devices and Microsoft Azure Active Directory (Azure AD). The feature is currently in limited preview for Microsoft Technology Adoption Program (TAP) c… Continue reading Passwordless enterprise authentication on Windows 10 and Azure AD
People can talk about zero-day exploits, IoT botnets and APTs all day long, but often times the simplest approach for attackers remains the most effective. Phishing, which has long been the top attack vector against all manner of targets, is as pervasive and effective as ever. Hackers are increasingly targeting ubiquitous mobile devices and victims are readily falling for it. The rate at which victims are falling for phishing attacks on mobile has increased and average of 85 percent every year since 2011, according to new research from the mobile security company Lookout. “Mobile devices have opened a profitable new window of opportunity for criminals executing phishing attacks,” the researchers wrote. “Attackers are successfully circumventing existing phishing protection to target the mobile device. These attacks are highlighting security shortcomings and exposing sensitive data and personal information at an alarming rate.” The numbers add up. More than ever, internet users’ most important device — for work and personal data […]
The post Phishing attacks against mobile devices rise 85 percent annually appeared first on Cyberscoop.
Continue reading Phishing attacks against mobile devices rise 85 percent annually
After a decade of prodding, Twitter drastically improved its two-factor authentication on Wednesday, expanding an important security tool widely adopted elsewhere online, including Google and Facebook. The social media company announced support for apps like Google Authenticator and Authy that work offline, independent of carrier or location and are more resistant to eavesdropping or hijacking. Crucially, users can now turn off SMS authentication for the first time. It’s considered one of the least-secure methods of two-factor authentication. Two-factor authentication typically works by requiring a password as well as a second method to log in. Commonly used second factors include SMS codes, small pieces of hardware — such as USB keys or dongles — or even biometric authenticators like fingerprints or face scans. Security experts strongly recommend all users turn on two-factor authentication for important internet accounts including email, banking and social media. Twitter users can upgrade in the settings and privacy section of their profiles. We’re rolling out an update to […]
The post Twitter upgrades two-factor authentication options by allowing third party apps appeared first on Cyberscoop.
Continue reading Twitter upgrades two-factor authentication options by allowing third party apps
Most Americans have never heard of two-factor authentication, even as the world’s biggest tech companies are pushing increasingly strong versions of multi-factor authentication in hopes of solving a vast array of cybersecurity problems. According to a new survey from Duo Security, only 28 percent of Americans use two-factor authentication and over 56 percent never heard of the technology before the survey. Just over half (54 percent) of Americans using two-factor authentication began doing so voluntarily. About 45 percent of respondents began because they were forced or incentivized to do so. There may be some good news hidden in these numbers. Of the people who have turned on two-factor authentication, only about 1 percent ended up turning it off. Every one of them cited inconvenience as the reason. Two-factor authentication is a way for people to prove their identity in two ways using something they know (like a password) and something they have (like their phone or a security key). […]
The post Most Americans have never heard of multi-factor authentication appeared first on Cyberscoop.
Continue reading Most Americans have never heard of multi-factor authentication