Security News
What can you learn from analyzing more than 2 billion phone calls per year? Everything you need to measure to detect fraud and authenticate genuine users. Preventing call center fraud is the most common use case for the platform, but Balasubramaniyan also sees a growing need for voice authentication, spanning everything from home automation systems to corporate fraud.
So how do you know what's going to make authentication more secure and efficient for your organization while also shifting the burden off users? Risk-based authentication is increasingly the answer - but it's more nuanced than that. At its most basic, a risk-based approach may mean simply adopting static risk-based policies that support conditional access.
IT security practitioners are aware of good habits when it comes to strong authentication and password management, yet often fail to implement them due to poor usability or inconvenience, according to Yubico and Ponemon Institute. The conclusion is that IT security practitioners and individuals are both engaging in risky password and authentication practices, yet expectation and reality are often misaligned when it comes to the implementation of usable and desirable security solutions.
Amazon's Ring is mandating the use of two-factor authentication for all users, a move designed to help stop creepy takeovers of the web-connected home security cameras. Ring users have had the option to use two-factor authentication, but now it will be mandatory, writes Ring President Leila Rouhi in a blog post.
Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it.
Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it.
FIDO protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along with corresponding certificate types," the OpenSSH 8.2 release note says.
FIDO protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along with corresponding certificate types," the OpenSSH 8.2 release note says.
RSA, a global cybersecurity leader delivering Business-Driven Security solutions to help organizations manage digital risk, announces the general availability of RSA Adaptive Authentication for eCommerce version 20.5. In this version, RSA Adaptive Authentication for eCommerce implements the latest features available in the EMV 3D-Secure v2.2 protocol, adds new authentication flows to support transactions where the cardholder is not in session, and introduces new capabilities that significantly enhance the customer's checkout experience.
Yubico, the leading provider of hardware authentication security keys, announced the initial availability of YubiEnterprise Services, the company's first service-based offering designed to transform the way that enterprises purchase, distribute and manage YubiKeys. With subscription and delivery self-service options, YubiEnterprise Services will equip organizations with a simple and efficient way to deploy strong authentication at scale.