Articles about authentication

.UK domains left at risk of theft in Enom blunder

Updated: Thousands of UK companies were at risk of having their .uk domain names stolen for more than four months by a critical security failure at domain registrar Enom. The security lapse allowed .uk domains to be transferred between Enom accounts with no verification, authorisation or logs. Any domains hijacked would have been “ …
John Leyden, 7 Sep 2017

The eyes have IT: TSB to roll out iris-scanning tech for mobile banking

TSB has announced plans to roll out iris-scanning technology for its mobile banking app from September. The move will make the UK high street bank the first in Europe to debut iris-scanning tech. Biometric authentication for banking, in general, has become commonplace over recent …
John Leyden, 20 Jul 2017

UK Parliament hack: Really, a brute-force attack? Really?

Comment: Just under 90 Parliamentary email accounts were compromised by a brute force attack on the parliamentary network over the weekend. And there is a long-established technology which can normally see off this kind of attack. Two factor authentication (2FA) technology has been ubiquitous among enterprises as a verification …
John Leyden, 26 Jun 2017

Identity management outfit OneLogin sugar coats impact of attack

Identity management outfit OneLogin has revealed it's suffered a security incident that's seen “unauthorized access to OneLogin data in our US data region”, but has offered rather scarier information in different documents. The company blog describes only "unauthorized access". In emails sent to customers seen by The Reg the …

LastPass resolves UK connectivity blooper

Cloud-based password manager LastPass has resolved an issue that left Brits unable to reliably access the service between Tuesday and Thursday this week. In response to queries from El Reg, LastPass blamed the tricky glitch on connectivity issues, which it has been able to route around and fix. A spokesperson for LogMeIn, the …
John Leyden, 12 May 2017

Team Macron praised for feeding phishing spies duff info

Emmanuel Macron's campaign team reportedly used fake logins and docs to waste hacker resources and frustrate phishing attempts. Although the newly elected French president's campaign was still hacked before the release of emails and other information last Friday, Team Macron's interference tactics have been heralded by at …
John Leyden, 8 May 2017

Realistic Brits want at least 3 security steps on bank accounts

Three in five Brits reckon that fewer than three security steps – including passwords, card readers or letters from a memorable word – are insufficient to assure their bank account is secure and not accessible by other people. The online survey, conducted by YouGov and sponsored by credit reference agency Equifax, found just …
John Leyden, 8 May 2017

Half-baked security: Hackers can hijack your smart Aga oven 'with a text message'

Miscreants can remotely turn off and on posh Aga ovens via unauthenticated text messages, security researchers have warned. All the hijackers need is the phone numbers of the appliances. The vulnerable iTotal Control models of the upmarket cookers contain a SIM card and radio tech that connects to mobile phone networks. This …
John Leyden, 13 Apr 2017

Digital video recorder installers master password list 'leaked' – claims

Xiongmai, the vendor behind many Mirai-vulnerable DVRs, has earned the consternation of security watchers once again. The vendor's 2017 list of superuser passwords for certain DVRs – designed only for CCTV installers to access customer installations – appears to have leaked online. "If the creds are what we think they are, …
John Leyden, 11 Jan 2017

Travel booking systems ‘wide open’ to abuse – report

Updated: Legacy travel booking systems disclose travellers’ private information, security researchers warn. Travel bookings worldwide are maintained in a handful of Global Distributed Systems (GDS) built around mainframe computers linked to the web but without adequate security controls, say the researchers. “The systems have since …
John Leyden, 4 Jan 2017

Crims turn to phishing-as-a-service to slash costs and max profits

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva. Cybercriminals are lowering the cost and increasing the effectiveness of email phishing by buying complete packages of compromised servers and all the other components …
John Leyden, 7 Dec 2016

Visa cries foul over Euro regulator's stronger authentication demands

The EU banking regulator’s plans to reduce fraud by obliging the use of passwords, codes or a card reader to authenticate electronic payments above 10 euros have drawn fire from the payments industry. Visa and others argue that mandated authentication checks put forward by the European Banking Authority risk disrupting online …
John Leyden, 23 Nov 2016

True man-in-the-middle: Transmitting logins through the human body

Computer science researchers at the University of Washington are developing a technology to securely send data through the human body rather than wires or the air. Passwords sent over insecure networks are liable to sniffing. This well-understood problem is most easily mitigated against using VPN technology but now security …
John Leyden, 4 Oct 2016

Valid logins to your workplace are on the net, right now

Enterprises are almost universally open to intrusion attempts with stolen credentials, and are at increased risk from compromised smartphones thanks to a spike in device malware. The findings stem from two separate studies. Digital Shadows research [PDF] reveals 97 percent of the Fortune top 1000 largest companies face …
Team Register, 23 Sep 2016

Brits: Can banks do biometric security? We'd trust them before the government

Brits have more faith in their banks than government agencies to roll out authentication technologies based on biometrics, according to a new survey from Visa. Consumers are nearly twice as likely to trust banks to store and keep their biometric information such as fingerprints and iris scans safe (60 per cent), than they are …
John Leyden, 19 Sep 2016

HSBC: How will we verify business banking customers? Selfies!

UK bank HSBC will allow business customers to open new bank accounts using selfies as part of plans to simplify its application process. The bank will use facial recognition software to verify self-portrait photos taken by customers using their smartphones. A headshot selfie is then assessed against an ID document uploaded by …
John Leyden, 5 Sep 2016

Hacking mobile login tokens tricky but doable, says reverse-engineer

Mobile apps that generate on-screen tokens for two-factor authentication can be examined and cloned by malware, a security researcher warns. Fraudsters and crooks can take these clones and generate the codes necessary to log in to bank accounts and other online services as their victims. Banks are increasingly relying on …
John Leyden, 2 Sep 2016

Google to block web views from using its OAuth

Google's decided that web-views should no longer be able to use OAuth requests, and is deprecating them in Android, iOS, Windows and OS X as of October. What that means is that while (for example) Android's embedded browser will be able to handle OAuth requests, third party app logins won't be able to use web-views for OAuth …


Biting the hand that feeds IT © 1998–2017