Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Authentication (User) Blog
Showing posts tagged with two-factor authentication
Showing posts in English
Teresa Law | 18 Aug 2014 | 0 comments

If anyone needed another reason to be wary of using solely passwords to protect their accounts, the recent report of the Russian cybercrime team that stole 1.2 billion usernames and passwords from 420,000 websites is that reason.  It makes you wonder, 1.2 Billion Login Details Stolen. Time To Retire The Password?

Although the attackers have not sold much of the stolen data, because of our propensity for password reuse the risk is there to cause significant personal damage, fraud, and outright theft.

One of the best ways to protect your online accounts is through a second factor of authentication - that way even if your password is compromised your account is still protected.  Below are some tips to protect your online data:

  • Use strong, unique passwords and never reuse them across other online accounts.
  • Activate two...
Teresa Law | 17 Jun 2014 | 0 comments

The release of VIP Access for Android on June 16th is a landmark event, as it is makes use of market leading technology to create a highly secure application. We are certain this is just the beginning of a trend to provide greater security for mobile devices.

We have seen in the distant past extensive use of hardware tokens because of the high degree of security they provide, but you sacrifice the user experience.  With the proliferation of mobile devices users have demanded a more user friendly option – mobile credentials.  Mobile credentials have been embraced by all industries, although certain industries are more security conscious than others: financial, government, and many large enterprises. Mobile credentials provide a high degree of convenience, but for these sensitive applications a higher level of security is welcome; particularly for Android devices. Through the work of Trustonic and Giesecke & Devrient (G&D), VIP is able to utilize a hardware...

Teresa Law | 28 May 2014 | 0 comments

A recent article in the Silicon Valley Business Journal reinforces the fact that the era of the password is over.  We all know passwords alone are insecure, and when used as the only means to secure access can be easily compromised leading to costly breaches.  Google is the latest to offer a stronger form of authentication by planning to get users to verify their identities with a “Login Challenge,” in a bid to prevent unauthorized access across all of its Web services. For example, Google will send users a text message with a verification code, which they will have to use in order to gain access to their accounts. Users will receive the challenge should the login pattern be different from users' previous attempts. The search giant noted that the move to implement two-factor...

Teresa Law | 13 May 2014 | 0 comments

In the article Bitly embraces two-factor authentication after data breach, Forrester analyst Andrew Rose told SCMagazineUK.com that “Reading Bitly's comments today, two things jump out - Bitly's comments about "immediately enabling two factor authentication" for a remote data store, suggests that their remote access methodologies were simple ID and password. This is a vulnerable state to be in and one which has ultimately come back to haunt them.”

Bitly is the latest in a growing number of companies finding value in two-factor authentication, which has now been enabled for Bitly accounts on the source code repository, company-wide and at third-party services. They say end users don't have this facility yet, but they are working on “accelerated development” of two-factor authentication for Bitly.com.

As the Heartbleed...

Teresa Law | 08 May 2014 | 0 comments

During Nico Popp's session at Vision he proved how he didn't need a password or even to use his hands when logging into an online application - yes he is wearing Google Glass. That was the coup de grace after showing everyone the progression VIP is going to take to kill the password. Already the new Push verification has done away with the 6-digit security code, replacing it with the push of a button as the second factor. Next the password will be replaced with a PIN number as the something you know - the mobile device is the first factor (something you have). Finally, the PIN will be replaced by biometrics, the swipe of a finger on your smartphone. Your two factors are now something you have (smartphone) and something you are (fingerprint)- effectively killing the password. Nico took it a step further by showing how in the future wearable technology could possibly be used. He used the voice feature on his google glasses to show how they could be used to approve the login to...

Teresa Law | 02 May 2014 | 0 comments

Symantec User Authentication has some innovative new solutions to show you and forward looking information to share at Vision.  Please join us in our various sessions below to learn about what’s happening in authentication today… and tomorrow.

Session# 1517  Thursday  9:00am Augustus Ballroom 1

Join VIP of Product Management Nico Popp  who will  demonstrate (with some planned surprises) how we are getting to “A world without passwordshttp://bit.ly/1fqN29M 

 

Session# 1336  Monday 2:15pm  Augustus Ballroom 2

Roger Casals, Senior Director of Product Management will be talking about how our products are “Fencing the Cloud”, is it possible to use your mobile phone to open your garage door and access your email with just a...

chalcon | 22 Apr 2011 | 0 comments

facebook logo.jpg

This week Facebook announced the availability of new security features for its users. Two significant features of note are the always-on "HTTPS" secure sessions, as well as the availability of two-factor authentication (aka strong authentication).

The use of "HTTPS" by websites enables secure information transmission, which helps protect users when sharing or sending personal information online. Many popular websites have added the HTTPS (where the "S" at the end of HTTP stands for "secure") this year due in part to the availability of interception tools like Firesheep. The presence of an SSL...

vipmobile | 12 Jan 2010 | 0 comments

Han Dong, Senior Product Marketing Manager, User Authentication

It's a good thing that people much smarter than me are thinking about the future of the internet, cloud computing, and ensuring I'm properly indoctrinated on the right social networking sites du jour. More importantly, these same smart people are constantly thinking about really critical things, like 'standards', 'interoperability', and 'security'. Guys like Tim Berners-Lee, the inventor of the Web and HTML, Paul Mockapetris, the inventor of DNS, and Vinton Cerf, the father of the internet and co-designer of TCP/IP, are constantly analyzing what's happening today and thinking about what's coming in the future. These people are part of the founding fathers of the web, the internet, and how all the...

vipmobile | 15 Dec 2009 | 0 comments

Han Dong, Senior Product Marketing Manager, User Authentication

Some thoughts on a couple of recent articles, one from Gartner Research: Where Strong Authentication Fails and What You Can Do About It, by Avivah Litan and a similar article by Jaikumar Vijayan in Computerworld, which also references Ms. Litan's article.

The basic idea presented in these two articles is that "one-time passwords...are no longer enough to protect online banking transactions against fraud." These one-time password (OTP) token-based two-factor authentication methods may be compromised by man-in-the-browser malware that overwrites the user transactions to steal their assets. So the...

vipmobile | 03 Dec 2009 | 0 comments

Han Dong, Senior Product Marketing Manager, User Authentication

I just read an article in CNET, by Jonathan Eunice, Character limitations in passwords considered harmful. And immediately after reading the story I thought to myself, Jonathan (may I call you Jonathan), we have the answer to your troubles. It's called VeriSign Identity Protection (VIP) Authentication Service and it's precisely what you need to address your goal to have strong authentication for your "4,000 web services."

Jonathan's article described the issue of how various websites will frequently restrict your ability to create 'stronger' passwords that use symbols (i.e. !@#$%^&), and thus relegate the user to simple (and easy to steal) phrase or nickname...