In most organizations, security solutions (and in particular MFA, multi-factor authentication) are not requested by the security department or even IT, they are mandated by the risks & compliance team. Indeed, although protecting information systems against intrusions and using specific technology for that sounds obvious, very few companies deploy a protection in anticipation. They more than often delay it until they are required to – or until they are hit so badly that they nearly go out of business (giving recent examples would make this blog post considerably too long).
inWebo Blog: Exploring Authentication, Identity, Privacy, and Security
Organizations have many different ways of implementing multi-factor authentication (MFA). In particular, some organizations have reused preexisting authentication mechanisms such as Active Directory in their MFA implementation, some have not. However, the applications protected by MFA or the devices used for MFA can’t really explain the variety of MFA implementations. What is it then? History? Geography? Random? More importantly than the reason, what are the benefits and implications of the various approaches?
A few years ago, the security industry made (another) brilliant marketing move. When the forces reluctant to multi-factor authentication threw what they thought would be their trump card, “But authentication creates friction!”, some leading vendors, instead of polishing their products to improve the user experience, just embraced the argument Read More
Multi-factor authentication has become a lot less expensive in the last 5-7 years due to the possibility to replace hardware tokens with mobile Apps, aka “soft tokens”. inWebo was one of the pioneers of this (r)evolution as early as 2008. But this missed a hard fact: since the generalization of WiFi, users accessing applications protected by multi-factor authentication do it almost exclusively from their own device(s) Read More
The odds are that you were first exposed to some form of advanced authentication as an employee when you were given a key-chain token to connect to the company VPN or webmail, or as a customer when you received a code in a short text asking you to confirm a transaction. Although these look like completely different technologies, they have exactly the same single purpose Read More
The time of the Business of Identity has arrived. From an obscure technical topic a couple of years ago, Identity and Access Management (IAM) has gained visibility from CIOs and other C-level executives. Read More
Although passwords are being defeated over and over, most websites and applications still rely on them. Authentication is one of the most used features: millions of websites, billions of users, all the time. The size of the potential market alone Read More
With predicted market size in tens of billions, the Internet of Things (IoT) is the new big hype. Given how broken the security of the current Internet is, it’s easy to imagine a scary IoT. Read More
What has just happened
A security vulnerability has been discovered this week. One more and why should I care, you’ll ask.
This vulnerability, romantically named “Heartbleed”, impacts some versions of a tool called OpenSSL. You know that when you enter confidential information online, such as a credit card number, you should check that there’s a lock icon in your web browser navigation bar. Read More
2013 has seen a new authentication acronym emerge: FIDO – for Fast Identity Online. It’s a Silicon Valley initiative aiming at creating a large market for strong authentication by establishing standards. All previous such initiatives have failed – not that they lacked prestigious supporters. Which challenges does the FIDO Alliance face? What will make it successful? Read More