Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Authentication (User) Blog
Showing posts tagged with Identity and Authentication Services
Showing posts in English
Teresa Law | 18 Aug 2014 | 0 comments

If anyone needed another reason to be wary of using solely passwords to protect their accounts, the recent report of the Russian cybercrime team that stole 1.2 billion usernames and passwords from 420,000 websites is that reason.  It makes you wonder, 1.2 Billion Login Details Stolen. Time To Retire The Password?

Although the attackers have not sold much of the stolen data, because of our propensity for password reuse the risk is there to cause significant personal damage, fraud, and outright theft.

One of the best ways to protect your online accounts is through a second factor of authentication - that way even if your password is compromised your account is still protected.  Below are some tips to protect your online data:

  • Use strong, unique passwords and never reuse them across other online accounts.
  • Activate two...
Teresa Law | 27 Jun 2014 | 0 comments

Managed PKI Service 8.11 featuring a self-service portal, administrator enhancements, and updated platform support has been made generally available to customers.

Feature Details

Self-Service Portal

Managed PKI 8.11 provides a Self Service Portal that allows your users to manage their own certificate lifecycle operations (such as viewing, enrolling for, renewing, and revoking certificates, and downloading root CAs).  The new self-service portal will not only improve the user experience, no more waiting for the Helpdesk to address their issue; but it also reduces the burden on IT.   Allowing users to address credential management themselves frees IT to address other strategic issues.  This feature is available to all customers who have Enterprise Gateway.

Support for SHA2

This release establishes SHA2 as the default signing algorithm for existing and new accounts to provide the...

Teresa Law | 27 Jun 2014 | 0 comments

VIP Enterprise Gateway 9.5 supporting authentication using VIP Access Push has been made generally available to customers.

You can now use VIP Access Push to access your corporate network through your VPN, in addition to web-based applications and with web service APIs.  The best part is you don’t need to dramatically change your current behavior, you just have one less step in the login process.  When using Push verification it's no longer necessary to enter the 6-digit code at the end of your password- you just enter the same userid and password you’ve always entered, tap the Allow button on your mobile device, and you’re in!

Two-factor authentication is an important piece of any resilient security strategy, providing a second layer of security beyond a simple password helps keep attackers out.   However, two-factor authentication is only valuable if it’s used, so it must be easy.  VIP Access Push makes authentication easy, which in turn...

Teresa Law | 17 Jun 2014 | 0 comments

The release of VIP Access for Android on June 16th is a landmark event, as it is makes use of market leading technology to create a highly secure application. We are certain this is just the beginning of a trend to provide greater security for mobile devices.

We have seen in the distant past extensive use of hardware tokens because of the high degree of security they provide, but you sacrifice the user experience.  With the proliferation of mobile devices users have demanded a more user friendly option – mobile credentials.  Mobile credentials have been embraced by all industries, although certain industries are more security conscious than others: financial, government, and many large enterprises. Mobile credentials provide a high degree of convenience, but for these sensitive applications a higher level of security is welcome; particularly for Android devices. Through the work of Trustonic and Giesecke & Devrient (G&D), VIP is able to utilize a hardware...

Teresa Law | 28 May 2014 | 0 comments

A recent article in the Silicon Valley Business Journal reinforces the fact that the era of the password is over.  We all know passwords alone are insecure, and when used as the only means to secure access can be easily compromised leading to costly breaches.  Google is the latest to offer a stronger form of authentication by planning to get users to verify their identities with a “Login Challenge,” in a bid to prevent unauthorized access across all of its Web services. For example, Google will send users a text message with a verification code, which they will have to use in order to gain access to their accounts. Users will receive the challenge should the login pattern be different from users' previous attempts. The search giant noted that the move to implement two-factor...

Teresa Law | 13 May 2014 | 0 comments

In the article Bitly embraces two-factor authentication after data breach, Forrester analyst Andrew Rose told SCMagazineUK.com that “Reading Bitly's comments today, two things jump out - Bitly's comments about "immediately enabling two factor authentication" for a remote data store, suggests that their remote access methodologies were simple ID and password. This is a vulnerable state to be in and one which has ultimately come back to haunt them.”

Bitly is the latest in a growing number of companies finding value in two-factor authentication, which has now been enabled for Bitly accounts on the source code repository, company-wide and at third-party services. They say end users don't have this facility yet, but they are working on “accelerated development” of two-factor authentication for Bitly.com.

As the Heartbleed...

Teresa Law | 08 May 2014 | 0 comments

During Nico Popp's session at Vision he proved how he didn't need a password or even to use his hands when logging into an online application - yes he is wearing Google Glass. That was the coup de grace after showing everyone the progression VIP is going to take to kill the password. Already the new Push verification has done away with the 6-digit security code, replacing it with the push of a button as the second factor. Next the password will be replaced with a PIN number as the something you know - the mobile device is the first factor (something you have). Finally, the PIN will be replaced by biometrics, the swipe of a finger on your smartphone. Your two factors are now something you have (smartphone) and something you are (fingerprint)- effectively killing the password. Nico took it a step further by showing how in the future wearable technology could possibly be used. He used the voice feature on his google glasses to show how they could be used to approve the login to...

Teresa Law | 02 May 2014 | 0 comments

Symantec User Authentication has some innovative new solutions to show you and forward looking information to share at Vision.  Please join us in our various sessions below to learn about what’s happening in authentication today… and tomorrow.

Session# 1517  Thursday  9:00am Augustus Ballroom 1

Join VIP of Product Management Nico Popp  who will  demonstrate (with some planned surprises) how we are getting to “A world without passwordshttp://bit.ly/1fqN29M 

 

Session# 1336  Monday 2:15pm  Augustus Ballroom 2

Roger Casals, Senior Director of Product Management will be talking about how our products are “Fencing the Cloud”, is it possible to use your mobile phone to open your garage door and access your email with just a...

Teresa Law | 29 Apr 2014 | 0 comments

The latest release for Symantec Validation and ID Protection Service (VIP) which continues to enhance the push verification technology has been made generally available to customers.

Feature Overview

Symantec’s new Internet Security Threat Report makes it clear that targeted attacks are still on the rise and that the risks of a data breach, even for smaller companies, is a reality.  Whether it’s a targeted attack, an infrastructure vulnerability that’s exploited by an attacker (such as Heartbleed), or simply the consequences of a lost or stolen credential, two-factor authentication is a necessity to protect your identity and by extension your online data from getting into the wrong hands.

In January we announced...

Teresa Law | 17 Apr 2014 | 0 comments

Symantec VIP would have dramatically reduced the threat of Heartbleed. Did you have it?

For those who haven’t been following the news (really?), the OpenSSL Heartbleed bug is one of the most serious security vulnerabilities to rear its ugly head in years. In short, Heartbleed could let an attacker steal all of your users’ passwords, which would have given them access to ALL your data.  So why are we still relying on just passwords?

For those businesses that use two-factor authentication, static passwords compromised by attackers using Heartbleed are next to useless. This is because two-factor authentication systems like Symantec VIP provide an additional layer of protection to the user’s account – typically a six-digit security code that changes every 30 seconds.  That means the attacker must have both the password and the security code – a security code that has either expired...