Articles about authentication

Identity management outfit OneLogin sugar coats impact of attack

Identity management outfit OneLogin has revealed it's suffered a security incident that's seen “unauthorized access to OneLogin data in our US data region”, but has offered rather scarier information in different documents. The company blog describes only "unauthorized access". In emails sent to customers seen by The Reg the …

LastPass resolves UK connectivity blooper

Cloud-based password manager LastPass has resolved an issue that left Brits unable to reliably access the service between Tuesday and Thursday this week. In response to queries from El Reg, LastPass blamed the tricky glitch on connectivity issues, which it has been able to route around and fix. A spokesperson for LogMeIn, the …
John Leyden, 12 May 2017

Team Macron praised for feeding phishing spies duff info

Emmanuel Macron's campaign team reportedly used fake logins and docs to waste hacker resources and frustrate phishing attempts. Although the newly elected French president's campaign was still hacked before the release of emails and other information last Friday, Team Macron's interference tactics have been heralded by at …
John Leyden, 8 May 2017

Realistic Brits want at least 3 security steps on bank accounts

Three in five Brits reckon that fewer than three security steps – including passwords, card readers or letters from a memorable word – are insufficient to assure their bank account is secure and not accessible by other people. The online survey, conducted by YouGov and sponsored by credit reference agency Equifax, found just …
John Leyden, 8 May 2017

Half-baked security: Hackers can hijack your smart Aga oven 'with a text message'

Miscreants can remotely turn off and on posh Aga ovens via unauthenticated text messages, security researchers have warned. All the hijackers need is the phone numbers of the appliances. The vulnerable iTotal Control models of the upmarket cookers contain a SIM card and radio tech that connects to mobile phone networks. This …
John Leyden, 13 Apr 2017

Digital video recorder installers master password list 'leaked' – claims

Xiongmai, the vendor behind many Mirai-vulnerable DVRs, has earned the consternation of security watchers once again. The vendor's 2017 list of superuser passwords for certain DVRs – designed only for CCTV installers to access customer installations – appears to have leaked online. "If the creds are what we think they are, …
John Leyden, 11 Jan 2017

Travel booking systems ‘wide open’ to abuse – report

Updated Legacy travel booking systems disclose travellers’ private information, security researchers warn. Travel bookings worldwide are maintained in a handful of Global Distributed Systems (GDS) built around mainframe computers linked to the web but without adequate security controls, say the researchers. “The systems have since …
John Leyden, 4 Jan 2017

Crims turn to phishing-as-a-service to slash costs and max profits

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva. Cybercriminals are lowering the cost and increasing the effectiveness of email phishing by buying complete packages of compromised servers and all the other components …
John Leyden, 7 Dec 2016

Visa cries foul over Euro regulator's stronger authentication demands

The EU banking regulator’s plans to reduce fraud by obliging the use of passwords, codes or a card reader to authenticate electronic payments above 10 euros have drawn fire from the payments industry. Visa and others argue that mandated authentication checks put forward by the European Banking Authority risk disrupting online …
John Leyden, 23 Nov 2016

True man-in-the-middle: Transmitting logins through the human body

Computer science researchers at the University of Washington are developing a technology to securely send data through the human body rather than wires or the air. Passwords sent over insecure networks are liable to sniffing. This well-understood problem is most easily mitigated against using VPN technology but now security …
John Leyden, 4 Oct 2016

Valid logins to your workplace are on the net, right now

Enterprises are almost universally open to intrusion attempts with stolen credentials, and are at increased risk from compromised smartphones thanks to a spike in device malware. The findings stem from two separate studies. Digital Shadows research [PDF] reveals 97 percent of the Fortune top 1000 largest companies face …
Team Register, 23 Sep 2016

Brits: Can banks do biometric security? We'd trust them before the government

Brits have more faith in their banks than government agencies to roll out authentication technologies based on biometrics, according to a new survey from Visa. Consumers are nearly twice as likely to trust banks to store and keep their biometric information such as fingerprints and iris scans safe (60 per cent), than they are …
John Leyden, 19 Sep 2016

HSBC: How will we verify business banking customers? Selfies!

UK bank HSBC will allow business customers to open new bank accounts using selfies as part of plans to simplify its application process. The bank will use facial recognition software to verify self-portrait photos taken by customers using their smartphones. A headshot selfie is then assessed against an ID document uploaded by …
John Leyden, 5 Sep 2016

Hacking mobile login tokens tricky but doable, says reverse-engineer

Mobile apps that generate on-screen tokens for two-factor authentication can be examined and cloned by malware, a security researcher warns. Fraudsters and crooks can take these clones and generate the codes necessary to log in to bank accounts and other online services as their victims. Banks are increasingly relying on …
John Leyden, 2 Sep 2016

Google to block web views from using its OAuth

Google's decided that web-views should no longer be able to use OAuth requests, and is deprecating them in Android, iOS, Windows and OS X as of October. What that means is that while (for example) Android's embedded browser will be able to handle OAuth requests, third party app logins won't be able to use web-views for OAuth …

Cloud backup biz IDrive hits password reset button to head off crims exploiting lazy logins

Cloud-based backup outfit IDrive has reset an unspecified number of customer logins to thwart miscreants who are exploiting people's password laziness. Too many netizens each reuse the same passwords across many websites; if you hack one site, you can potentially get all the details you need to log into many other accounts on …
John Leyden, 3 Aug 2016

Argos changes 150 easily guessed drop-off system passwords

UK catalogue store chain Argos has changed shop passwords for its drop-off store facility after a Reg reader inadvertently discovered staff relied on weak in-store access credentials to service orders. The reader – who asked not to be named – came across the issue when she went to send two eBay parcels via the Argos drop-off …
John Leyden, 29 Jul 2016

You really do want to use biometrics for payments, beam banks

Two in three European consumers actively want to use biometric technology when making payments, according to a new Visa-sponsored survey. Nearly three in four (73 per cent) see two-factor authentication – where a form of biometrics is used in conjunction with a payment device – as a secure payment authentication method. More …
John Leyden, 14 Jul 2016

Biting the hand that feeds IT © 1998–2017