SEARCH RESULTS
 
Showing 1-10 of 217 records
 
End user security psychology, part II: Can knowledge-based authentication be effective?

2008-04-02 11:11:25 by Bill Nagel in Security & Risk Management
 
...authentication process drags on -- the more gantlets a user needs to run before being let in a site's front door -- the less secure those users perceive the site is. Implementations of knowledge-based authentication (KBA) -- asking "secret", out-of-wallet questions that presumably only the end user knows the answers to -- on the Web have been...
 
 
 
 
 
Keyloggers: Why Banks Need Two-Factor Authentication

2008-01-14 11:55:21 by Tim Bass in The Complex Event Processing Blog
...authentication. To illustrate my key points, I showed the captive audience various pictures of hardware keyloggers, for example the small black keylogger circled in the figure below. There are PS2 keyloggers (illustrated above) and USB keyloggers. There are even keyboards with the keyloggers built into normal looking keyboards, so you have no...
 
 
 
 
 
Increased Interest in Device-Specific Strong Authentication

2007-09-14 00:00:00 by Sean Kline in Speaking of Security, the RSA Blog and Podcast
 
...authentication mechanisms on a variety of client devices. Service providers, also, are interested in ensuring that end users are able to employ their mobile phones for two-factor authentication. Such organizations may also play the role of outsourcer and are concerned with the provisioning of credentials and new support models. Some of the...
 
 
 
 
 
Remote Client Authentication

2008-07-31 13:30:21 by Editor in IEEE Security and Privacy
 
The effectiveness of remote client-authentication schemes varies significantly in relation to today's security challenges, which include phishing, man-in-the-middle attacks, and malicious software. A survey of remote authentication methods shows how each measures up and includes recommendations for solution developers and consumers
 
 
 
 
 
"Off the Peg" Authentication can lead to an ill-fitting suit

2008-07-31 00:00:00 by Andrew Moloney in Speaking of Security, the RSA Blog and Podcast
 
...authentication -- using secret questions (you know the kind of thing -- mother's maiden name, date of birth, name of your favourite Spice Girl, etc, etc) -- before brokers can get on with doing business with their clients by phone. This comes a few months after a city firm was hit with a 77k (~$150k) fine for failing to do just that. Now,...
 
 
 
 
 
New Tool To Be Released Can Steal Authentication Credentials Through Encrypted Secure Channels

2008-09-11 03:31:44 by CyberInsecure in CyberInsecure.com
 
New tool that can steal users' authentication credentials makes websites used for email, banking, e-commerce and other sensitive applications less secure, even when they're sent through supposedly secure channels. The toolkit, named CookieMonster, is used in a variety of man-in-the-middle scenarios to trick a victim's browser into turning over the...
 
 
 
 
 
Top Five Intriguing Ideas for Authentication in 2008

2007-12-10 00:00:00 by Sean Kline in Speaking of Security, the RSA Blog and Podcast
 
...authentication) that they need and take a more holistic approach to implementing their strategy
 
 
 
 
 
Yahoo's Browser-Based Authentication service

2006-09-29 20:52:58 by Liudvikas Bukys in Liudvikas Bukys
 
Yahoo's release of open access to its BBAuth authentication service (see also here and here) is a big step forward. It's just the thing for many simple applications. It's not as good as a user-controlled cross-provider identity scheme, but the emergence of a few real high-volume competing web services will help drive us there
 
 
 
 
 
Extensible Authentication Protocol (EAP) Security Issues

2008-03-09 00:00:00 by Editor in Infosec Writers Latest Security Papers
 
This document, written by Samuel Sotillo, presents an overview on some security issues that affect the Extensible Authentication Protocol as defined by the IETF RFC 3748
 
 
 
 
 
PayPal E-mail authentication
