Authentication

Context-Based, Next-Generation Authentication: Key Traits and Endurance

When analyzing a particular component within a security ecosystem, it is always useful to first take a drone’s-eye view of the system. This strategy can be used to map precisely where within the infrastructure the component may be deployed most efficiently. Where is its mission critical? Where can it profitably replace an alternative? Where will…

Does EMV Make Online eCommerce Transactions Safer?

Ok, let’s get this quickly out of the way: EMV, the non-swipe chip-embedded credit cards, are sturdy barriers against (in-person) credit card fraud. However, when it comes to card-not-present eCommerce transactions (e.g. online ecommerce) where EMV is not a factor and where cybersecurity threats continue to proliferate, shouldn’t the customer experience be as secure and…

The Compromised Affair

If people’s credentials are compromised, that is a bad thing. Everybody knows that. But what if those compromised credentials include people’s biometric data? What value does a stolen fingerprint template or an encrypted voice profile provide to hackers? And what steps can companies take to reduce the risk associated with dealing with such information? Six…

Empower IT to Say Yes More Than No

Pity the poor (IAM) administrator in IT. They often have to juggle the needs of multiple constituents and weigh the conflicting demands of users and their network security counterparts. As users typically clamor for faster, more convenient access to more apps, security operations insists that control be maintained at all times over corporate assets and that…

How a Selfie or Finger Swipe Can Help Prevent Mobile Fraud

RSA is delighted to announce the availability of RSA Adaptive Authentication Mobile SDK 3.0 and with it our agreement with EyeVerify, the creator of Eyeprint ID™. RSA’s Adaptive Authentication Mobile SDK allows organizations to embed risk-based authentication capabilities directly into their mobile app. Mobile SDK 3.0 integrates in-app biometric step-up authentication for high-risk login…

Intelligence-Driven IAM: The Perfect Recipe

Another day, another breach, right? It’s almost like we’ve started to become desensitized to them. But, as a security professional, I want to impress upon you the importance of every single breach – no matter how large or small. They all can cause negative consequences – on the corporation whose share price plummets, or on…

Would You Rather, Part 1: Authenticate Users or Monitor Transactions?

There is a popular conversational game that children play typically known as “Would You Rather,” in which someone asks you to choose between two options and explain your reasons for making that choice. For example, “would you rather be rich or famous?” Or “if you could have one superpower, would you rather have superhuman strength…

We’re not gonna take it!

After listening to the White House Summit on Cybersecurity and Consumer Protection last Friday, I went out to dinner with some friends in the security industry and we jokingly discussed “if the cybersecurity industry had a theme song what should it be?” We all agreed that Twisted Sister’s “We’re not gonna take it” would be…

Secure Crypto: Leaving Insecurity Behind

A number of TLS protocol vulnerabilities have been discovered in recent years. Of those, three can and should be prevented by design: the Renegotiation Attack, the Triple Handshake Attack and CRIME. The Renegotiation and Triple Handshake Attacks both rely on failures in the design of the renegotiation feature. The original Renegotiation…

Secure Crypto: Survival of the Strong

Not all TLS cipher suites are created equal. Some cipher suites use weaker algorithms and others don’t provide independent handshake security. The cipher suites to avoid include those using SHA-1 as the digest algorithm and/or RSA for key exchange and authentication. A digest algorithm is used in the handshake in three places: ensuring the integrity…