Silicon Republic – How do I protect my accounts? A guide to multifactor authentication

Protecting your online accounts is an essential part of life on the internet. This guide to multifactor authentication can help.

Data security is a top priority whether you are a CIO of a large company or an individual who wants to keep their emails private.

As cyber-threats evolve and change, a single password system just doesn’t make the safety grade any more. Many people use the same password for multiple accounts but we cannot be reliant on a single form of authentication in an increasingly threatening digital landscape, where phishing and other threats are lurking.

Enter multifactor authentication (MFA). From single-use codes to physical security keys, users and businesses need to navigate the options on offer. Siliconrepublic.com spoke to some experts to find out what’s best.

CTO of data protection at Gemalto, Jason Hart, said: “While this technology is still not a standard security process for all organisations, consumers are likely to have come across it, with Facebook, Google and Twitter being strong advocates of the technology to protect users from cyber-criminals [who partake in] brute-force cracking, phishing attacks, or simply guessing static passwords using information shared by the user online.”

This method of MFA is probably the least secure option, as hackers can exploit the underlying SS7 signalling protocol. Curran explained that this could “spoof a change to a user’s phone number, intercepting their calls or text messages”.

Bad actors can also use the tried and true social engineering method of “tricking IT support staff into assigning accounts to ‘dummy sim cards’, thus rendering this form of two-factor authentication [2FA] useless”.

To read the full article click here.

ID Bulletin: EXPERT PANEL: Is replacing the password realistic and should we even try?

Passwords have always been like Japanese Knotweed – once you have introduced them it is almost impossible to get rid of. But is this still the case? Is trying to replace passwords realistic? Or should we all just get better at managing them? We asked the experts for their opinion…

“The simple truth is, no matter how complicated they are, there is no such thing as a safe static password. A password that does not change can easily be hacked, should the hacker find this out through methods like social engineering. Any business that handles customer data owes it to their customers to roll out more vigorous authentication procedures such as one-time passwords and two-factor authentication methods. These are basic controls that can be easily implemented to add that extra layer of protection. If businesses continue to rely on the static password, we’ll continue to see regular security breaches occur on a daily basis.”

To read the full article click here.

TEISS – Info security hurdle stops consumers from downloading retail apps

A growing concern about how secure retail apps are and how they make use of consumer data is preventing many shoppers from downloading such apps. Three out of every four shoppers believe their information stored inside retail apps may not be very secure.

“As companies collect ever-increasing amounts of customer data and as our digital interactions become more diverse, more data about what we do, who we are and what we like is being stored online. The survey proves that the traditional data security mind-set needs to evolve, this goes for companies and consumer adoption of advanced security measures like two-factor authentication,” said Jason Hart, vice president and chief technology officer for Data Protection at Gemalto.

“Otherwise, an increasing number of consumers will cut ties with companies who aren’t taking data protection seriously, and take their business to someone they can trust,” he added.

To read the full article click here.