Tag: Multi-Factor Authentication

Securing Our Biometrics-Based Future

The last few years have seen an uptick in efforts to use biometrics more widely in authentication, most notably driven by the consumerization effect of Apple introducing Touch ID and Face ID. But this could be the (strong) nudge that was needed to push it over the edge. Mastercard just announced that all issuers of

Doing 2FA Correctly Requires More Than 2 Factors

Two Factor Authentication (or 2FA) has been in the news a lot recently. There was the kerfuffle over NIST putting into their update of 800-63 that SMS-based 2FA is insufficiently secure and should be deprecated (something most security experts agree on). That update (still in draft) came too late for the Social Security Administration (SSA),

That Time Enabling Two-Factor Authentication Made Me Feel Worse

I’ve been an account holder at a fairly prominent online brokerage for a while now. Been using it without hiccup for years. The movement in the stock market early in the year prompted me to log in to check on a few things (I know, I know. I swear I’m not that guy). While there, I decided

2FA in Password Managers: Fair or Faux

It all started with a tweet I sent regarding the position on passwords and password managers that a member of Microsoft Research was taking in an NPR article (I’ll expand on my viewpoint in a later blog post). But one of the resulting responses I received sent me down a very interesting rabbit hole. Faux 2FA? Of course I

The Conundrum of 2FA meets the Enigma that is PAM

“It’s a mystery. Broken into a jigsaw puzzle. Wrapped in a conundrum. Hidden in a Chinese box. A riddle.” – The Riddler, The Long Halloween Yesterday’s hack of the AP’s Twitter account was big. Not only did the impact it had on the stock market prove Ranjeet’s thesis that Twitter is now a SOX (Sarbanes-Oxley)

What Happens When Telco’s Declare SMS ‘Unsafe’?

If you’ve been following Authentication related discussions, you know that a lot of the tactical focus is on adding additional authentication factors to the base username/password login mechanism as a way of making it more secure. This is particularly true in consumer facing applications, as brought into stark contrast by the Mat Honan hack episode.

FFIEC Updates Their Guidance. And The Winner Is…

In my last post, I mentioned that the FFIEC was preparing an update to their 2005 guidance on internet banking authentication. Well, that update is out, and Anil John couldn’t wait to let me know about it (:)). The update, entitled ‘Supplement to Authentication in an Internet Banking Environment‘ recognizes both the growth in online

So What Does Constitute “Reasonable” Security?

A couple of weeks ago, I tweeted about what I called a must-read article by Brian Krebs. Fellow identirati Anil John lamented yesterday that we hadn’t discussed this more in the community, and on second glance I can see why. The article covers a court case where the magistrate was basically asked to decide what

Multi-Factor Authentication going Mainstream

Some recent moves by major players could have a significant impact on the perception of multi-factor authentication technologies. Google recently introduced two-factor authentication for Google Apps. The mechanism they chose to employ relies on a one-time password token delivered to a cell phone either by an SMS text message or a call to the phone