inWebo Blog: Exploring Authentication, Identity, Privacy, and Security

When to merge IAM and MFA

Posted by | inWebo Blog: Exploring Authentication, Identity, Privacy, and Security | No Comments

Identity & Access Management (IAM) is employed by organizations to manage user identities and permissions related to resources, processes, and applications. It’s essential in automating user-related processes (hire, leave, move within the organization, etc.) but also in mitigating risks and maintaining compliance by enforcing the “principle of least privilege”.

When do you need MFA? Balancing security, regulation, and business needs

According to analysts, IT-security spending is expected to grow at least twice as fast as IT spending this year (2019). This is both an acknowledgement that the environment is increasingly risky and a realization that investments in IT security have been too weak until recently. If you’re an IT-security professional, this is certainly good news, since your organization acknowledges in its budget the importance of your work. But don’t dream too high: you will still need to prioritize security projects for the years to come.

2FA Is Dead… Long Live 2FA!

Recently, a series of articles and reports has cast doubts on the efficiency of 2FA (2-factor authentication). Their conclusions differ, ranging from “You’re stuck” (sensation news reporting that “Researchers have broken 2FA”), to “Switch to cryptography-based MFA now!” (FIDO Alliance-commissioned report by Javelin Group), to the more nuanced “2FA is probably better than nothing but we wish we knew more” (Josephine Wolff’s Opinion in the NYT). Their starting point, however, is the same: something is broken with 2FA…

PSD2 and what it means for user authentication

Open Banking is coming up. Starting September 2019, Account Servicing Payment Service Providers in the SEPA zone (aka “ASPSPs” or … banks) must provide Payment Initiation Service Providers (aka “PISPs” or … Fintechs) with an API to access account data and initiate payments. As a consequence, Strong Customer Authentication (“SCA”) must be enforced on this API.

Behavioral Biometrics: Is It the Next MFA Standard?

If there is anything to be learned from 2017’s array of massive data breaches, it’s that single-password authentication is no longer enough to ensure security. Deloitte, one of the world’s top accounting firms, learned this the hard way. Last year, the company was hit with a massive hack that compromised private emails as well as confidential information of some of its blue-chip clients. Sources told The Guardian that the breach occurred through an administrator’s account, which gave hackers unrestricted access to everything else. The account in question required a single password, with no two-step verification.

The 5 Most Common Challenges of MFA – A Simple Guide to Analyzing Solutions

The selection of the “right” MFA solution can be tricky. First, because there’s a constant flow of innovation in the authentication industry, resulting in numerous and diverse technologies even for solutions supposedly following a standard. Second, because the applications and environments needing MFA are also very different (cloud vs. on-prem, legacy vs. web, LDAP vs. RADIUS, SAML, or OIDC, etc.). Lastly, because not all solutions have the same objectives or protect against the same risks.

What MFA do we need for the IoT?

As we should all know by now, 1/ everything is getting connected, the Internet is no longer about computers and servers only but also about billions of objects that once belonged to distinct categories, such as consumer electronics, automotive, medical devices, industrial and infrastructure systems etc. And 2/, security issues are going to be even larger and scarier in the era of the Internet of Things.

This raises a few questions for the cybersecurity industry, such as: Are we ready to address this challenge? Have we developed the right tools yet? The short answer is no.

Biometry: Two Birds with One Stone

Passwords are prehistory. Passwords are dead. We’re going to end passwords. Sound familiar? Google probably has millions of results for each of these searches. Yet, for as long as I can remember – since the rise of the World Wide Web at least – passwords have been singled out as the flaw in this otherwise amazingly well-engineered system.

#WannaCry, now what?

It was supposed to be a nice weekend, but for many people working in IT and security organizations, last weekend turned out to be a nightmare. A self-replicating ransomware going by the name of WannaCry hit several hundred thousand computers worldwide, many of them in large organizations – the NHS, Renault, and Telefonica have been mentioned in the news. Every time such an attack makes it to the headlines, the priority for IT and security people is to manage the crisis: contain the spread, eradicate the worm, and resume normal business operations. This can take hours or days (and nights), sometimes longer, but hopefully everything is back to normal before the next one hits.
