With the Cosmos bank attack still fresh in memory, some security experts are urging the Reserve Bank of India to take immediate steps to upgrade the security capabilities of banks. For example, they want banks to do away with user-based one-time passwords delivered via text messages.
The latest version of the NIST Cybersecurity Framework - Version 1.1 - includes more information on supply chain risk management, authentication, authorization, identity proofing and self-assessing cybersecurity risk management, says Matthew Barrett of the National Institute of Standards and Technology.
In an interview, Rohas Nagpal, a chief architect at Primechain Technologies, describes how blockchain can be used for authentication and pinpoints areas where blockchain is not the ideal technology. He'll be a featured speaker at ISMG's Security Summit in Mumbai Thursday.
A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over. The exposed database, which wasn't protected by a password, contained 26 million text messages, many of which were two-step verification codes and account-reset links.
Is it realistic to think the end of our dependency on traditional user names and passwords is in sight?
While user names and passwords may not be phased out in the near-term, eventually there will not be online services that have anything of value that don't offer multiple types of two-factor authentication....
By establishing a trusted digital relationship with users, insurers can enable legitimate consumers to apply for new policies and legitimate providers and insurance professionals to log in to their accounts without onerous authentication requirements, while requiring users identified as high risk to fulfill additional...
To deliver a better, frictionless experience, organizations should consider real-time, multilayered, omnichannel identity trust assessments that analyze a wide variety of intelligence - including network, device, environment, behavioral and global intelligence.
Download this white paper and learn about:
The many...
As we approach 2019, is it realistic to think the end of our dependency on traditional user names and passwords is in sight? Shane Weeden, and authentication expert with IBM Security, discusses the future of authentication and why he's encouraged by the FIDO2 initiative.
You don't have to be a bank to serve customers online, and even if your customer accounts do not hold money, they still hold value - one that cybercriminals will take advantage of. As customers come to expect services to be available online as the standard, more businesses will have to learn to adapt to the digital...
Attention admins: If you use libSSH - one of the open-source flavors of Secure Shell, or SSH - patch now. The advice follows the disclosure of a vulnerability that one expert, Paul Ducklin of Sophos, terms "comically bad."
Driven by digital transformation and regulatory and industry initiatives such as PSD2, 3D Secure 2.0, and Faster Payments, the need to provide strong authentication without impacting customers and transactions is a top business imperative.
To make it easier for you to evaluate the market (and not get distracted by...
Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps, and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers.
Step away from the social media single sign-on services, cybersecurity experts say, citing numerous privacy and security risks. Instead, they recommend that everyone use password managers to create unique and complex passwords for every site, service or app they use.
Privacy advocates are praising the India Supreme Court's ruling that private entities can no longer require the use of Aadhaar data for authentication, but they're pressing for swift passage of a new data protection law.
In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.
