Video Screencast Help
Authentication (User) Blog
Showing posts in English
chalcon | 12 Jan 2011 | 0 comments

The increasing adoption and use of all things SaaS and mobile device related has created a bevy of new security challenges for today's enterprise IT departments. According to a recent report by Forrester Consulting, commissioned by Symantec, enterprises are unnecessarily leaving their organizations vulnerable to unauthorized access by cybercriminals. The press release announcing the report can be found here.

The Forrester commissioned report is part of a new Symantec initiative called Strong Authentication for Enterprises (SAFE), developed to provide enterprises with third party research that looks at the activities "open" enterprises do every day by allowing access to company resources.

The Forrester report titled...

chalcon | 17 Dec 2010 | 0 comments

password.jpeg

The recent Gawker database breach is yet another reminder of the weakness of the traditional "username and password" form of security. Previous database breaches, like this one, have shown that users do not realize how vulnerable they are making themselves and potentially their employers to identity and data theft by using weak passwords.

Steve Ragan of the Tech Herald wrote a story that includes a list of the top 250 passwords used by the Conficker Worm that you can read here. The list of passwords is truly impressive and includes many of the classics such as, "12345," "qwerty" and of course "password." It is surprising and concerning that these passwords continue to be used time and time again.

With the exposure of all of these passwords, we can't...

chalcon | 15 Nov 2010 | 0 comments

There's been recent news discussing the vulnerabilities of wireless apps for the banking industry and how they could impact users. As the number of Americans regularly using mobile banking services continues to grow, security concerns will grow along with them.

The challenges for banks to consider are all of the potential vulnerabilities in their implementation to better mitigate risks effectively while managing the delicate balance between extra layers of security vs. user experience.

Here are a few recommendations we suggest bank and financial institutions may want to consider:

- Deploy strong or two-factor authentication that goes beyond the traditional username and password. If username and password are compromised, the fraudster still needs the second factor to gain access to an account. With our VIP mobile SDK, banks can enable a silent user experience for a second factor of authentication allowing greater security without negative...

chalcon | 03 Nov 2010 | 0 comments

SC Mag finalist_logo 2.gif

The finalists for the SC Magazine Awards 2011 were announced this week and we were pleased to see that the VeriSign Identity Protection (VIP) Authentication Service made the list for the "Best Multifactor Product" category. This is the second year in a row that VIP has been named a finalist within the multi-factor product category.

The SC Magazine Awards will be announced on February 15, 2011 in San Francisco during the week of the RSA Conference. A full list of categories and finalists can be found here.

chalcon | 18 Oct 2010 | 0 comments

Window Phone.jpg

The launch of Microsoft's Windows Phone 7 took place to a lot of positive buzz. The long awaited new mobile OS from Microsoft offers some great new features on new handsets from Dell, Samsung, LG and HTC just to name a few. New phones with a new Windows OS just in time for Christmas (only 2 months a few days of shopping time left incase you were wondering).

With the launch of Windows Phone 7, the VIP Team is very excited to make available the VIP Mobile SDK for Windows Phone 7. We have been working hard to support just about every mobile platform available including Android, iPhone and Java 2 Micro Edition (J2ME). The availability of our Windows Phone 7 SDK is great news for developers that want to add strong authentication to their mobile applications.

Whether it's for consumers or the enterprise, mobile application developers can now leverage...

chalcon | 15 Oct 2010 | 4 comments

facebook logo.jpg

This week Facebook announced that they have begun rolling out one-time passwords (OTP) to their users as an added layer of security. Facebook is providing OTPs to help protect its users while on public computers like those at coffee shops, libraries, hotels and airports. For Facebook users looking to take advantage of this, they'll need to have a mobile phone number in their Facebook account and by texting "otp" to 32665 they will receive a one-time use password that last for 20 minutes.

For quite some time VeriSign, now part of Symantec, has been educating consumers and enterprises on the need and value of OTP. Our cloud-based VIP Authentication...

chalcon | 15 Oct 2010 | 0 comments

Qualys logo 3.jpg

At this week's RSA Conference in Europe, Qualys announced that it will now offer its customers strong authentication protection with our VIP Authentication Service. VIP will provide users of QualysGuard® a safer and more secure way to access and manage their accounts.

Qualys is the latest VIP customer to implement our leading cloud-based authentication service that allows enterprises to secure online access and transactions to obtain compliance and reduce fraud risk. As with VIP, QualysGuard is a SaaS service that requires no on-premises...

nicolas_popp | 06 Sep 2010 | 1 comment

It is clear that high assurance identity on the internet is going to require identity proofing. With more than 1 Billion Web users, and 3 Billion mobile users increasingly connected to the Internet, scalability is going to be essential. If high assurance identities become the norm, digital identify verification services that do not require in-person proofing could therefore turn into a significant market opportunity

Most folks in the industry would tell you that credit bureaux, and financial institutions ought to be primary beneficiaries as the new business emerges. However, the convergence of Internet, mobile and telecommunication driven by iPhone and Android could attract new market players. Mobile network operators (MNOs) have a wealth of identifiable data about us. They are also uniquely positioned to bring to market multi-channel solution. In fact, an MNO-operated ID proofing service could easily support voice and web, for brick and mortar as well as online service...

vipmobile | 01 Jul 2010 | 0 comments

be412fec1398f6848b66ff82fb034031_2011_website.jpg
Congratulations to Addison Avenue Federal Credit Union and the U.S. District Court in the District of Columbia, both of which were designated as Laureates by the Computerworld Honors Program. In addition to this honor, Addison Avenue Federal Credit Union was also named as a finalist for the Computerworld 21st Century Achievement Award, an award that honors and documents the extraordinary innovations of individuals and organizations that are leading the global IT revolution.

Addison Avenue Federal Credit Union
Addison Avenue offers its customers the...

nicolas_popp | 02 Jun 2010 | 0 comments

I have been involved with a couple similar initiatives around certification for identity and thought it would be interesting to explain the logic behind these efforts. The first initiative is led by the Open Identity Exchange and is based on the Open Identity stack. The second is more enterprise cloud focused; it is driven by the Cloud Security Alliance (CSA). The CSA is developing a more SAML-oriented technology blueprint within OASIS. The technology protocols are different but the risk controls are similar. Therefore, I am hopeful that both trust frameworks will converge (I will certainly try to help them converge).

But let us re-hash the motivation of the industry that sponsors these efforts. A trust framework is necessary to enable policy...