Our Clients in the News
See what all the chatter is about.
“It’s more important than ever to manage your passwords online, and also harder to keep up with them. That's a bad combination. So the FIDO Alliance—a consortium that develops open source authentication standards—has pushed to expand its secure login protocols to make seamless logins a reality. Now Android's on board, which means 1 billion devices can say goodbye to passwords in more digital services than seen before.”
“The other camp is this modern camp, which includes security key and standards like U2F and WebAuthn. It's a game changer, because the user no longer has that burden of responsibility. In the modern technique, you flip it upside down -- the site or app has to prove to the key that it is legitimate, that it is exactly what it claims to be and if, and only if, that proof succeeds will the key release its information back up to the site.”
“The tools required to become less dependent on password-based security are now in place, according to the Fido Alliance, a consortium of tech industry partners, including Amazon, Facebook, Google, Microsoft and Intel, that are working together to establish standards for strong authentication.
“This is the year to deploy FIDO Authentication because all the pieces are there to do it, all the platforms are supporting it, and so there are no longer any reasons to delay,” said Andrew Shikiar, chief marketing officer for FIDO.”
“On the simple question of “do you use 2FA?”, the answer was an emphatic yes. A full 86 percent of readers use it when available, and another 13 said that they use it sometimes. Just 1 percent said that they don’t use it at all.
One respondent pointed out in an additional comment that it’s the type of second-factor that’s important. “I trust FIDO security keys entirely; I don’t trust the other forms as much,” they wrote.”
“The U.S. Payments Forum recently stated that 99 percent of the top 200 retailers now have the equipment necessary to accept chip cards, and the transactions make up 60 percent of overall transaction volumes in the U.S. Additionally, more than 50 percent of transactions are taking place at contactless payment-enabled merchants, the forum reports.
"Chip payments are effective at reducing fraud and they were introduced to curb in-store counterfeit card fraud, which was the largest source of fraud in the U.S.," says U.S. Payments Forum Director Randy Vanderhoof. "Counterfeit card fraud is down over 80 percent at merchants that have enabled chip, so it is indeed working."
“McDowell said the latest FIDO standards, known collectively as FIDO2, “were specifically designed to be built directly into operating systems and web browsers.”
And he said that is happening – they are already built into the latest versions of Windows 10, Google Play Services on Android, and the Chrome, Firefox, and Edge web browsers.
And as reported just last week, Apple has shipped FIDO2 support in its latest developer preview version of the Safari web browser.”
“In the latest version of Windows 10, version 1809, Windows users can use Edge to sign in to Office 365, Outlook.com, Skype, and OneDrive with a FIDO2 USB security key, such as Yubico's YubiKey 5 or Security Key.
WebAuthn works with a protocol called Client to Authenticator Protocol (CTAP), which FIDO keys rely on to generate private and public cryptographic key pairs for authenticating to a website. CTAP2 is also called FIDO2.
The standard could reduce the dangers of users picking poor passwords and having them compromised in a breach or phishing attack.
An attacker armed with a correct password would also require physical access to the security key. The security key also offers better security than one-time-passcodes since these can be intercepted.”
“Microsoft first enabled its account users to sign in without a password using the company’s iOS and Android Microsoft Authenticator app. It was the first step towards password-less logins, and support for FIDO2 security keys is the next logical step. Google and Facebook have already been using USB tokens to secure accounts, and Microsoft is planning to bring this same support to work and school accounts that use Azure Active Directory. As Microsoft has adopted open standards by the W3C and FIDO Alliance standards bodies, Chrome and Firefox will also be able to use these security keys to log into a Microsoft Account once they support the FIDO2 standards.”
“Malware seeks to steal, block or alter data. It’s the kind of code used to steal your passwords or credit card numbers. And it can also steal your vote. It’s recently been used in a number of other countries. With Comodo Cybersecurity malware detection data, for instance, we measured the spread of different malware types before and after the 2018 presidential elections in Turkey. The figure below shows the order in which various types of malware appear — which tells us how they are working to influence an election. The orange line shows Comodo’s trojan detections in Turkey, which occurred on June 21 — three days before the election.”
“FIDO's greater achievement is getting widespread support from the tech industry. The alliance has brought together big names such as Google, Microsoft, Amazon, and Intel to develop standards that would be easy to implement on different device types and operating systems.”
“A better solution is to move away from passwords altogether with biometrics, one-time codes, hardware tokens and other multi-factor authentication options that exchange tokens and certificates without users needing to remember anything. Comprehensive support for a full set of passwordless options is only just starting to arrive. FIDO2 (Fast Identity Online) is the cross-platform way the industry is achieving this.”
“The tech you need for better security won’t always be a key. Any device that works over USB, NFC or Bluetooth is currently supported by FIDO’s technology. It might even be a chip inside your phone or laptop itself that allows you to log into everything the way you unlock your device—your fingerprint, or face, could be the only password you need anywhere. In that world, life online gets a lot easier.”
“Pulse Secure plans to roll out on-demand provisioning and pay-per-use pricing to reduce the up-front investment required from MSSPs. The offering will make it easier for cloud service providers and even traditional resellers going through two-tier distribution today to become managed security service providers. Instead of tying up money in up-front equipment purchases, the savings can be used for customer acquisition and new services so their business can expand faster.”
“Targeted attacks can easily compromise more than half of critical infrastructure systems because of ICS stations that run outdated installations of Windows systems which no longer receive security updates from Microsoft according to CyberX's 2019 Global ICS & IIoT Risk Report.”
“Some of the biggest, most security-conscious companies on the planet supply their employees with security keys—including Google—because it’s a very useful extra layer of protection on top of your super-strong password. It works like two-factor authentication because another ‘credential’ is required for account access. You can buy keys straight from Google, or pick up alternatives for around $50. Look for the FIDO U2F standard, which is the most commonly used one.”
“FIDO Alliance has launched FIDO2 browser support and first certified products are now available to reduce password use on the web. Any website can leverage FIDO2 strong authentication protocols from the W3C and FIDO Alliance to replace passwords with cryptographically secure logins using alternatives like on-device biometrics and FIDO Security Keys.”
“The standards, known under the banner FIDO2, offer protection against account hacking, credential theft, and phishing attacks that have plagued the Internet to the tune of billions of credentials stolen over the past few years. FIDO2 represents the building blocks to go beyond basic log-in and specify the first strong authentication standard for the web — thus providing users secure credentials that resist attack.”
“…the industry is seeing greater interest as businesses aim to increase security and decrease friction. Biometrics is seeing renewed interest, especially in the context of new FIDO standards.”
“I’m a big fan of anything the FIDO Alliance does. The FIDO 2.0 open standard led to the very popular FIDO Universal Second Factor (U2F) standard. U2F relies on public key cryptography, and any U2F-enabled solution must securely store the user’s public key pair on the device. The private key (of the key pair) should always remain securely stored and used only on the U2F device, but the related public key can be shared off the device.”
“These organizations are attracted [to Pulse Secure] by a unified solution that combines secure access from any device to any system, proven capabilities to deliver applications with high performance and system-wide tools to manage their infrastructure efficiently for both security and performance.”