Security News

IT security practitioners are aware of good habits when it comes to strong authentication and password management, yet often fail to implement them due to poor usability or inconvenience, according to Yubico and Ponemon Institute. The conclusion is that IT security practitioners and individuals are both engaging in risky password and authentication practices, yet expectation and reality are often misaligned when it comes to the implementation of usable and desirable security solutions.

Amazon's Ring is mandating the use of two-factor authentication for all users, a move designed to help stop creepy takeovers of the web-connected home security cameras. Ring users have had the option to use two-factor authentication, but now it will be mandatory, writes Ring President Leila Rouhi in a blog post.

Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it.

Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it.

FIDO protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along with corresponding certificate types," the OpenSSH 8.2 release note says.

FIDO protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks. "In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along with corresponding certificate types," the OpenSSH 8.2 release note says.

RSA, a global cybersecurity leader delivering Business-Driven Security solutions to help organizations manage digital risk, announces the general availability of RSA Adaptive Authentication for eCommerce version 20.5. In this version, RSA Adaptive Authentication for eCommerce implements the latest features available in the EMV 3D-Secure v2.2 protocol, adds new authentication flows to support transactions where the cardholder is not in session, and introduces new capabilities that significantly enhance the customer's checkout experience.

Yubico, the leading provider of hardware authentication security keys, announced the initial availability of YubiEnterprise Services, the company's first service-based offering designed to transform the way that enterprises purchase, distribute and manage YubiKeys. With subscription and delivery self-service options, YubiEnterprise Services will equip organizations with a simple and efficient way to deploy strong authentication at scale.

There are not only more users, but also more kinds of users working in more places, all needing to authenticate in a way that keeps resources secure without making access unduly difficult or time-consuming. You need an authentication solution that allows you to authenticate users in multiple ways, both to meet different users' needs for convenient access and to make multi-factor authentication possible for security purposes.

The proliferation of real-time payments platforms, including person-to-person transfers and mobile payment platforms across Asia Pacific, has increased fraud losses for the majority of banks. "While the convenience of real-time payments is great news for customers, increasingly, banks have zero time to clear a transaction or payment. AI can't slow down the clock, but it can help create systems that are radically quicker to recognize a transaction that smells likely to be fraudulent," said Dan McConaghy, president of FICO in Asia Pacific.