Tag Archive | Authentication

Passwords are Losing Trust; Hello Fingerprints, Hashes, Unique Codes

One of the biggest vulnerabilities in computer security is the password. Let’s face it. Something’s got to give! What exactly will it take to authenticate somebody with their own personal information or data without being discovered or hacked?

There are many companies attempting to implement new changes in the way that users authenticate themselves. The best example is Google’s 2-step authentication. This system allows a user to log into their Google account like normal when they access it on their common browser/app…however, whenever they log in elsewhere, it requires an access code specialized for that given with a name.

Google has come up with other ideas such as having a smartcard embedded finger ring or using a smartphone to authorize a new device/computer to add to your account.

More companies are attempting hardware-based authentication. Most companies attempting such measures only have prototypes, and are awaiting the ability to beta the use. Most of these types of measures are called security or hardware tokens.

A pin or password is usually needed for devices…right? However, depending on the type of device will show what other forms of authentication are needed in addition to that. For example, a one-time password may be in order, similar to the Google access code as a second step in authentication, which would be too hard to hack. Others would take a challenge code, which would prove that your a human in public, instead of a hacker/robot on a different network trying to hack.

Many networking authentication proposals for authentication would only allow a certain unique IP address to access the login section or be able to enter a password. Some require a smart card or fingerprint. All of these are good ways to help authentication become more physical and legitimate.

Proving possession is everything in the computer security world now, but this type of authentication has been proposed for around ten years, at least. It’s time tpo get serious about authentication, and develop better solutions. This is the call to action.

Miley Cyrus sex tape scam details

Unbelievable? Another social engineering attempt. Here is a source on the non-existent Miley Cyrus sex tape:

Facebook scammers are using the promise of a non-existent Miley Cyrus sex tape to lure users into giving up temporary access to their accounts. Once inside, scammers run a script to create automatic posts that tag friends and propagate the scam.

Here, again, we are dealing with the well-known, if not utterly obsolete, “copy/paste code” method whereby the scammer aims to steal the victim’s Facebook authentication token. This grants the scammer temporary access to the targeted Facebook account, including the victim’s list of friends.[HOTforSecurity]

 

Protect against these types of scams:

 
US - avast! New Version 7 Products Generic

The Advantages and Disadvantages of Single-Sign-On (SSO) Technology (mini-whitepaper)

Overview

Single-Sign-On (SSO) is a user-authentication process, in which the user signs in to one screen name, and it makes multiple applications or websites unlocked or logged-in. Usually, the system will have conditional measures that will know what a certain user has access to, permissions, etc., and be able to provide the services. Now, the question brought to attention is, what are the advantages and disadvantages of single-sign-on?

Advantages

  • In the healthcare industry, it could be booming with single-sign-on. If a doctor were to need to sign-on to a database to access a patient’s files, he/she would also have to access x-rays, and other data that would be on a different application. Having a single-sign-on for all that would be life-saving and totally worth it. Not only that, but hours of saved time.
  • Apps such as OneLogin provide easy-access to tons of accounts across the board, particularly social media. It says on their site that they are supporting “identity & access management for the cloud”.
  • Could work wonders for those with disabilities. Having a disability may limit you from typing a lot of words at one time, or typing fast enough. If a single-sign-on system were in place, one login means much saved time.
  • Reduces the chance of forgetting your password. By having your one-set master password, it will be a lifesaver to not have to remember a ton of passwords.
  • Reduces IT help desk costs, by reducing the number of calls to the help desk about lost password.
  • Newer technologies are being implemented to help detect the attempt to hack a certain system, in which it would lock out the hacker from the remaining systems. But, this has more studying to prove how good it works.

Disadvantages

  • Vulnerability problems, such as with authentication, privacy keys, etc.
  • The lacking of a backup stronger authentication, such as smart cards or one-time password tokens.
  • The SSO is a highly-critical tool to keep up always. If the SSO goes out, the user would lose access to all sites.
  • It would be critical to have a good password, one that is very hard to crack. With the reduction of accounts, particularly the fact that SSO is in play, it’ll be easier to find and hack accounts. Once the SSO account is hacked, all others under that authentication are hacked as well.
  • SSO is bad news for a multi-user computer, especially if the user stays logged in all the time. This is more prevalent of an issue in plant operations, business floors, etc. where multiple users can access the computer (if the original user left their desk).

Examples of current implementations

  • Log-in with Facebook
  • Log-in with Twitter
  • Log-in with Linked-In or Apply with Linked-In
  • OneLogin
  • ANGEL Learning Systems

And many more.

Worth reading: Building and implementing a SSO solution

Conclusion

Overall, the usage of SSO systems are good and bad. Based on your organization or personal life, it is your choice on whether to use it or not. Based on how potentially problematic it may be, you will have to be on your toes about a lot of it. But, I guess the time you save trying to figure out or remember your passwords, you can spend on staying guard for SSO systems.

 


Get the review of Malwarebytes’ Anti-Malware

 

If this has saved you money or your organization money, or potentially provides savings, please donate to further our cause.

%d bloggers like this: