The article discusses the risks and drawbacks of switching to eSIM technology. It highlights concerns about losing access to phone numbers used for authentication and the potential security issues, contrasts eSIMs with the reliability of physical SIM cards, and suggests alternative security measures like Google Fi's approach to mitigate these risks.
Google has eased the requirements for its Advanced Protection Program (APP) by allowing users to use passkeys instead of two physical security keys for multifactor authentication. This change aims to make the program more accessible, especially for those who cannot afford or access physical keys. Passkeys, created by the FIDO Alliance, are stored locally on devices and provide strong security against phishing and credential theft. Users still need two devices to enroll, but the flexibility in device types enhances accessibility.
A significant data breach involving cloud storage company Snowflake may be one of the largest ever, with cybercriminals accessing customer accounts using stolen login details. The breach has affected major firms like Ticketmaster and Santander, with hackers claiming to sell data from other companies such as Advance Auto Parts and LendingTree. The incident underscores the importance of multifactor authentication and highlights the growing use of infostealer malware. Snowflake, along with cybersecurity firms, is investigating the breach, which has led to widespread concern and official alerts from cybersecurity agencies.
Losing your phone can be a devastating experience, especially if you haven't taken the necessary precautions to protect your digital life. It is crucial to regularly back up your phone's data, either through your computer or to the cloud, to ensure that you have something to restore if your phone is lost or broken. Additionally, activating locator services like Apple's "Find My" can help you track and potentially recover your phone. It is also important to use unique and strong passwords for all your accounts and consider using a password manager to securely store them. Implementing multifactor authentication adds an extra layer of security, but make sure you have a backup plan in case you lose access to your phone. Finally, consider adding app-specific locks to protect sensitive information on your phone.
New York's Department of Financial Services has introduced new regulations requiring banks and other financial institutions to implement governance, reporting, and training measures to enhance their cybersecurity. The rules include a 24-hour deadline for reporting ransom payments made in connection with a ransomware event and a 30-day requirement to explain the reasons behind the payment. Banks must also implement multifactor authentication for employees and customers accessing their information systems. The regulations aim to protect customer data and maintain the integrity of the financial system in response to the increasing number of cyberattacks. The rules harmonize with existing regulations and frameworks and emphasize the role of boards in overseeing cybersecurity risk management. The regulations will be effective from November 1, with certain provisions taking effect at later dates.
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released new guidance on Identity and Access Management (IAM) challenges faced by vendors and developers. The document highlights the need for clarity in definitions and policies related to multifactor authentication (MFA) and Single Sign-On (SSO), as well as the lack of understanding and integration deficits in leveraging open standard-based SSO with legacy applications. The report also addresses the issue of SSO capabilities being bundled with high-end enterprise features, making them inaccessible to smaller organizations. Additionally, the guidance emphasizes the importance of MFA governance integrity over time and recommends the creation of standard MFA terminology and phishing-resistant authenticators to enhance security.
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released new guidance on Identity and Access Management (IAM), addressing challenges faced by developers and technology manufacturers. The guidance focuses on technology gaps that hinder the adoption and secure use of multifactor authentication (MFA) and single sign-on (SSO) technologies within organizations. While primarily aimed at large organizations, the recommendations are also applicable to smaller organizations. CISA encourages cybersecurity defenders to review the guidance and discuss its implementation with their software vendors.
LastPass users are reporting being locked out of their accounts after being forced to reset their multifactor authentication (MFA) apps. The company implemented the reset following a series of security incidents last year. Users have found that LastPass does not recognize new MFA codes and they are therefore unable to access their accounts. Master passwords are also not working, and attempts to reset passwords are proving unsuccessful. Many users are frustrated because they cannot access support without being logged into their accounts. LastPass has a support document on its website that details how the reset process works, but failure to follow the instructions can result in accounts becoming inaccessible.
The Philadelphia Inquirer's operations were disrupted by an apparent cyberattack over the weekend, preventing the printing of its regular Sunday newspaper. While online posting and updating of stories to Inquirer.com continued, it was unclear when systems would be fully restored. The incident raises questions about The Inquirer's cybersecurity practices and infrastructure, and it comes as news organizations and other companies have seen growing online threats such as ransomware. Cybersecurity experts recommend that news organizations follow best practices such as using multifactor authentication.