Articles about authentication

Digital video recorder installers master password list 'leaked' – claims

Xiongmai, the vendor behind many Mirai-vulnerable DVRs, has earned the consternation of security watchers once again. The vendor's 2017 list of superuser passwords for certain DVRs – designed only for CCTV installers to access customer installations – appears to have leaked online. "If the creds are what we think they are, …
John Leyden, 11 Jan 2017

Travel booking systems ‘wide open’ to abuse – report

Updated: Legacy travel booking systems disclose travellers’ private information, security researchers warn. Travel bookings worldwide are maintained in a handful of Global Distributed Systems (GDS) built around mainframe computers linked to the web but without adequate security controls, say the researchers. “The systems have since …
John Leyden, 4 Jan 2017

Crims turn to phishing-as-a-service to slash costs and max profits

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva. Cybercriminals are lowering the cost and increasing the effectiveness of email phishing by buying complete packages of compromised servers and all the other components …
John Leyden, 7 Dec 2016

Visa cries foul over Euro regulator's stronger authentication demands

The EU banking regulator’s plans to reduce fraud by obliging the use of passwords, codes or a card reader to authenticate electronic payments above 10 euros have drawn fire from the payments industry. Visa and others argue that mandated authentication checks put forward by the European Banking Authority risk disrupting online …
John Leyden, 23 Nov 2016

True man-in-the-middle: Transmitting logins through the human body

Computer science researchers at the University of Washington are developing a technology to securely send data through the human body rather than wires or the air. Passwords sent over insecure networks are liable to sniffing. This well-understood problem is most easily mitigated against using VPN technology but now security …
John Leyden, 4 Oct 2016

Valid logins to your workplace are on the net, right now

Enterprises are almost universally open to intrusion attempts with stolen credentials, and are at increased risk from compromised smartphones thanks to a spike in device malware. The findings stem from two separate studies. Digital Shadows research [PDF] reveals 97 percent of the Fortune top 1000 largest companies face …
Team Register, 23 Sep 2016

Brits: Can banks do biometric security? We'd trust them before the government

Brits have more faith in their banks than government agencies to roll out authentication technologies based on biometrics, according to a new survey from Visa. Consumers are nearly twice as likely to trust banks to store and keep their biometric information such as fingerprints and iris scans safe (60 per cent), than they are …
John Leyden, 19 Sep 2016

HSBC: How will we verify business banking customers? Selfies!

UK bank HSBC will allow business customers to open new bank accounts using selfies as part of plans to simplify its application process. The bank will use facial recognition software to verify self-portrait photos taken by customers using their smartphones. A headshot selfie is then assessed against an ID document uploaded by …
John Leyden, 5 Sep 2016

Hacking mobile login tokens tricky but doable, says reverse-engineer

Mobile apps that generate on-screen tokens for two-factor authentication can be examined and cloned by malware, a security researcher warns. Fraudsters and crooks can take these clones and generate the codes necessary to log in to bank accounts and other online services as their victims. Banks are increasingly relying on …
John Leyden, 2 Sep 2016

Google to block web views from using its OAuth

Google's decided that web-views should no longer be able to use OAuth requests, and is deprecating them in Android, iOS, Windows and OS X as of October. What that means is that while (for example) Android's embedded browser will be able to handle OAuth requests, third party app logins won't be able to use web-views for OAuth …

Cloud backup biz IDrive hits password reset button to head off crims exploiting lazy logins

Cloud-based backup outfit IDrive has reset an unspecified number of customer logins to thwart miscreants who are exploiting people's password laziness. Too many netizens each reuse the same passwords across many websites; if you hack one site, you can potentially get all the details you need to log into many other accounts on …
John Leyden, 3 Aug 2016

Argos changes 150 easily guessed drop-off system passwords

UK catalogue store chain Argos has changed shop passwords for its drop-off store facility after a Reg reader inadvertently discovered staff relied on weak in-store access credentials to service orders. The reader – who asked not to be named – came across the issue when she went to send two eBay parcels via the Argos drop-off …
John Leyden, 29 Jul 2016

You really do want to use biometrics for payments, beam banks

Two in three European consumers actively want to use biometric technology when making payments, according to a new Visa-sponsored survey. Nearly three in four (73 per cent) see two-factor authentication – where a form of biometrics is used in conjunction with a payment device – as a secure payment authentication method. More …
John Leyden, 14 Jul 2016

Google to kill passwords on Android, replace 'em with 'trust scores'

Google is planning to use “trust scores” to kill off traditional passwords on Android. The internet giant wants to get rid of password logins, at least for Android apps, by 2017. Google outlined its plans at its I/O conference last week. Google's Trust API technology would use a variety of metrics to create a trust score. …
John Leyden, 24 May 2016

USB-C adds authentication protocol

The USB 3.0 Promoter Group has announced it has devised and will adopt a new “USB Type-C Authentication specification.” The specification means makers of USB devices will be able to encode them with information about their source and function. When connecting to those devices, machines like computers or phones will be able to …
Simon Sharwood, 13 Apr 2016

Confused by crypto? Here's what that password hashing stuff means in English

Cryptography is dead hard. But being conversant in the key aspects of cryptography – to the extent that you could even explain some of it to colleagues and management – puts you one step ahead of most. Here are five things that'll make you sound like you know what you're talking about. 1. Digital certificates The most common …
Dave Cartwright, 25 Mar 2016

Third of US banks OK with passwords even social networks reject

Six of 17 major US banks have weaker password enforcement procedures than most social networking websites, according to a new study by an American university. The banks ask users to set up passwords that include letters and special symbols, but a study by researchers at the University of New Haven shows that in around a third …
John Leyden, 3 Mar 2016

Hackers rely on weak passwords when brute-forcing PoS terminals

New research takes a fresh perspective on the passwords hackers use while scanning the web rather than the weak login credentials users often pick. Security analysts Rapid7’s results come from a year’s worth of opportunistic credential-scanning data collected from Heisenberg, the Metasploit firm’s public-facing network of …
John Leyden, 2 Mar 2016


Biting the hand that feeds IT © 1998–2018