Didier Perrot

When do you need MFA

When do you need MFA? Balancing security, regulation, and business needs

Posted by | inWebo Blog: Exploring Authentication, Identity, Privacy, and Security | No Comments

According to analysts, IT-security spending is expected to grow at least twice faster than IT-spending this year (2019). This is both an acknowledgement that the environment is increasingly risky and a realization that investments in IT-security have been too weak until recently. If you’re an IT-security professional, this is certainly a good news since your organization acknowledges in its budget the importance of your work. But don’t dream too high, you will still need to prioritize security projects for the years to come. Read More

Is 2FA broken

2FA Is Dead… Long Live 2FA!

Posted by | inWebo Blog: Exploring Authentication, Identity, Privacy, and Security | No Comments

Recently, a series of articles and reports has cast doubts on the efficiency of 2FA (2-factor authentication). Their conclusions differ, ranging from “You’re stuck” (sensation news reporting that “Researchers have broken 2FA”), to “Switch to cryptography-based MFA now!” (FIDO Alliance-commissioned report by Javelin Group), to the more nuanced “2FA is probably better than nothing but we wish we knew more” (Josephine Wolff’s Opinion in the NYT). Their starting point, however, is the same: something is broken with 2FA… Read More

PSD2 Explained

PSD2 and what it means for user authentication

Posted by | inWebo Blog: Exploring Authentication, Identity, Privacy, and Security | No Comments

Open Banking is coming up. Starting September 2019, Account Servicing Payment Service Providers in the SEPA zone (aka “ASPSPs” or … banks) must provide Payment Initiation Service Providers (aka “PISPs” or … Fintechs) with an API to access accounts data and initiate payments. As a consequence, Strong Customer Authentication (“SCA”) must be enforced on this API. Read More