Multi-Factor Authentication and Authenticator Apps

Security Boulevard

October is Cybersecurity Awareness Month so in this episode we discuss multi-factor authentication and the use of authenticator apps. Listen to this episode to learn what multi-factor authentication is, all […].

On Risk-Based Authentication

Schneier on Security

“A Study on Usability and Security Perceptions of Risk-based Authentication”: Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. I’ve blogged about risk-based authentication before.



Authentication Failure

Schneier on Security

This is a weird story of a building owner commissioning an artist to paint a mural on the side of his building — except that he wasn’t actually the building’s owner.

Using “Master Faces” to Bypass Face-Recognition Authenticating Systems

Schneier on Security

Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population.

How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication

Schneier on Security

Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo. After successful password authentication, the server evaluated the duo-sid cookie and determined it to be valid.

Rethinking Cloud Infrastructure Authentication

Security Boulevard

Hopefully, you’ve moved beyond “p4$$w0r9s” and use secure keys and multifactor authentication (MFA) for all of your cloud infrastructure. The post Rethinking Cloud Infrastructure Authentication appeared first on Security Boulevard.

NSA on Authentication Hacks (Related to SolarWinds Breach)

Schneier on Security

The NSA has published an advisory outlining how “malicious cyber actors” “are manipulating trust in federated authentication environments to access protected data in the cloud.”

Multi-Factor Authentication Best Practices & Solutions

eSecurity Planet

Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. At this point, multi-factor authentication (MFA) has permeated most applications, becoming a minimum safeguard against attacks. Biometric authentication.

It's Time to Rethink Identity and Authentication

Dark Reading

The concept of identity has been around for decades, yet authentication has not caught up to its advanced threats until now. Here are four ways to begin thinking differently about identity and authentication

How to better secure user authentication protocols

CyberSecurity Insiders

The vulnerability, dubbed ProxyToken, lets attackers bypass the authentication process to access victims’ emails and configure their mailboxes. Normally, Exchange uses two sites, a front and back end, to authenticate users. Use multifactor authentication.

Fake Microsoft Authenticator extension discovered in Chrome Store

Hot for Security

Because it’s reported that a bogus Chrome add-on purporting to be “Microsoft Authenticator” successfully managed to sneak its way in, and duped hundreds of people into downloading it.

The Consumer Authentication Strength Maturity Model (CASMM)

Daniel Miessler

Basically, how secure is someone’s current behavior with respect to passwords and authentication, and how can they improve? Mar 24, 2021 — Someone mentioned that there are higher ranks of authentication out there, which I agree with, but this is specifically for everyday users.

API Security Need to Know: Top 5 Authentication Pitfalls

Security Boulevard

The post API Security Need to Know: Top 5 Authentication Pitfalls appeared first on Cequence. The post API Security Need to Know: Top 5 Authentication Pitfalls appeared first on Security Boulevard. The recent rash of API security incidents (Peloton, Experian, Clubhouse, etc.)

Betting Big on Identity and Authentication

Security Boulevard

The post Betting Big on Identity and Authentication appeared first on Security Boulevard. Last year, 2020, was a year of accelerated digital transformation with COVID-19 related lockdowns pushing preexisting trends into overdrive.

Zoho warns of zero-day authentication bypass flaw actively exploited

Security Affairs

Zoho urges customers to address an authentication bypass vulnerability in its ManageEngine ADSelfService Plus that is actively exploited in the wild. “We have addressed an authentication bypass vulnerability affecting the REST API URLs in ADSelfService Plus.

Adaptive Authentication- Is it the Next Breakthrough in Consumer Authentication?

Security Boulevard

Adaptive authentication is a game-changer for enterprises that require strong fencing to protect consumer and enterprise data. Here’s a quick read depicting the role and need for adaptive authentication instead of just multi-factor authentication.

Why Aren’t More SMEs Using Multi-Factor Authentication?

Security Boulevard

Businesses that use multi-factor authentication are 99.9% less likely to be breached. So why aren’t more SMEs using MFA? Learn why.

Authentication is Outdated: A New Approach to Identification

CyberSecurity Insiders

Identity and user authentication continue to be a concern for IT managers. It’s time to take a closer look at alternative identity management and authentication strategies. You start with a company, organization, or group that maintains the authentication ecosystem.

Benefits of multi-factor authentication

Security Boulevard

A crucial aspect of cybersecurity was missing from Colonial Pipeline when a criminal hacking group was able to access a shared internal drive and demanded close to $5 million in exchange for the files: multi-factor authentication.

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? This post is an attempt to create an easy-to-use security model for the average internet user. People like moving up rankings, so let’s use that!

Kaseya Hacked via Authentication Bypass

Dark Reading

The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar -- but good authentication practices are also imperative

FBI Warns of Cyber Attacks on Multi-Factor Authentication

Adam Levin

The FBI is warning businesses about a new series of cyberattacks that can circumvent multi-factor authentication (MFA). In a Private Industry Notification (PIN), the FBI warned businesses that “cyber actors” had been observed, “circumventing multi-factor authentication through common social engineering and technical attacks.” The post FBI Warns of Cyber Attacks on Multi-Factor Authentication appeared first on Adam Levin.

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts.

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Troy Hunt

As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication. The one in storage matches the one provided at the time of authentication.

How to comply with PSD2 authentication without a headache

Security Boulevard

Using behavioral biometrics, you can meet requirements without more authentication steps. The post How to comply with PSD2 authentication without a headache appeared first on NuData Security. Find that hard to believe? Read for yourself.

What Are The Different Factors Of Multi-Factor Authentication (MFA)?

Security Boulevard

Learn more about the different types of factors you can use to develop a multi-factor authentication (MFA) protocol for your organization.

The False Identity Frenzy and the Need for Authentication

Security Boulevard

The post The False Identity Frenzy and the Need for Authentication appeared first on The State of Security. The post The False Identity Frenzy and the Need for Authentication appeared first on Security Boulevard.

What Is Biometric Authentication? A Complete Overview [Updated 2021]

Heimdal Security

What Is Biometric Authentication? Biometric authentication refers to the security procedure that involves the use of unique biological characteristics of individuals such as retinas, irises, voices, facial characteristics, and fingerprints in order to verify people are who they claim to be.

Passwordless Authentication 101

eSecurity Planet

Although they are the most common tool used to verify a person’s identity, passwords are the least secure mode of authentication. What is passwordless authentication? Passwordless authentication, on the other hand, is derived from different types of information the user has.

Chinese Hackers Bypassing Two-Factor Authentication

Schneier on Security

Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear; although, the Fox-IT team has their theory.

Consumers are done with passwords, ready for more innovative authentication

CSO Magazine

CISOs looking to beef up their customer-facing authentication procedures to thwart cyberattacks need to walk a fine line. Selecting the most appropriate authentication method for your customers is something of a moving target because consumer attitudes are always changing.

A Windows Hello Authentication Bypass Vulnerability Was Fixed by Microsoft

Heimdal Security

The feature then matches the data obtained against a password hash for authentication. The Windows Hello authentication bypass vulnerability was apparently able to let threat actors spoof a target’s identity.

Good Primer on Two-Factor Authentication Security

Schneier on Security

Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. While it's often an important security measure, it's not a panacea. Stuart discusses the usability and security issues that you have to think about before deploying the system.

Pega Infinity patches authentication vulnerability


of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.” The post Pega Infinity patches authentication vulnerability appeared first on Malwarebytes Labs.

What Is Step-Up Authentication and Where Does It Come Into Play?

Security Boulevard

Step-up authentication is the process of transitioning from a single authentication factor to multiple factors, but when should you use this? The post What Is Step-Up Authentication and Where Does It Come Into Play?

Router Firmware Vulnerability Bypasses Authentication

Digital Guardian

A vulnerability found in some routers and modems could make the devices vulnerable to authentication bypass and in turn, allow attackers access to sensitive information

Continuous Authentication Tech Looms Large in Deployment Plans

Dark Reading

Security leaders are interested in continuous authentication technologies, especially behavioral-based capabilities

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

Krebs on Security

says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. As it happened, the PCM employee was not using multi-factor authentication. In response, Microsoft said while its guidance has always been for partners to enable and require multi-factor authentication for all administrators or agent users in the partner tenants, it would soon be making it mandatory.

Facebook and Google Account Authentication | Avast

Security Boulevard

Let's now walk through the steps you can take to enable two-factor authentication on your accounts. The post Facebook and Google Account Authentication | Avast appeared first on Security Boulevard.

Don’t use single‑factor authentication, warns CISA

We Live Security

The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods. The post Don’t use single‑factor authentication, warns CISA appeared first on WeLiveSecurity.

Images Of Government-Issued IDs Should Not Be Trusted For Authentication

Joseph Steinberg

Government Issued identity documents (IDs), such as passports and drivers’ licenses, may be appropriate forms of authentication when presented in person, but we must stop trusting images of any such documents when they are utilized online.

Multi-Tenant SaaS Authentication Bypass or Works-as-Designed?

Security Boulevard

Four months ago, researchers at Cequence discovered an authentication vulnerability in the Lithium community forum platform (now part of Khoros), that warranted a responsible disclosure submission. The post Multi-Tenant SaaS Authentication Bypass or Works-as-Designed?