Tag Archive for: Authentication

Continuous Authentication: The future of Identity and Access Management (IAM)

/in

Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.

Usernames and passwords act as a gateway. Insert another authentication step on top of these credentials and this gateway becomes harder to infiltrate. But once access is gained, how can the device or Web application be certain that the authenticated user is, in fact, the same person throughout the entire session?

For example, you may log in and walk away from your device, creating an opportunity for someone else to take over your session and thus, your identity. Or more commonly, you may hand the device to a colleague – a non-authenticated user – trusting they won’t do anything nonsensical or malicious. In fact, according to a survey by B2B International and Kaspersky Lab, 32% of respondents who share an Internet-enabled device with their relatives, colleagues or friends noted that they do not take any precautions in protecting their information. 

To read this article in full or to leave a comment, please click here

Network World Security

Researchers create 3D faces from online photos to defeat face authentication systems

/in

Security researchers continue to find ways around biometric-based security features, including a new attack which can defeat face authentication systems.

You might be careful about posting photos of yourself online, either refraining from it or setting the images to private, but your “friends” might post pictures of you online. It wouldn’t matter if those pictures of you are low quality or there were as few as three publicly available photos of you, researchers from the University of North Carolina have developed a virtual reality-based attack that can reproduce your face well enough to trick face authentication systems.

In “Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos” (pdf), the researchers called “the ability of an adversary to recover an individual’s facial characteristics through online photos” an “immediate and very serious threat.” The team devised an attack which can bypass “existing defenses of liveness detection and motion consistency.”

To read this article in full or to leave a comment, please click here

Network World Security

Startup touts four-factor authentication for VIP-level access

/in

Startup Trusona is launching what it claims to be a 100% accurate authentication scheme aimed at corporate executives, premiere banking customers and IT admins who have unfettered authorization to access the most valued corporate assets.

The system uses four-factor authentication to assure that the person logging in is the person they say they are. It requires a dongle that is tied to a set of specific devices (phones, tablets, laptops), certain cards with magnetic stripes that the user already owns, and a biometric ID based on how the card is swiped through the card reader on the dongle.

The TruToken dongle is the miniaturization of anti-ATM-card cloning technology made by MagTek that reads not the digital data recorded on cards’ magnetic strips but rather the arrangement of the pattern of the barium ferrite particles that make the strips magnetic. The particles are so numerous and so randomly placed that no two strips have identical patterns, says Ori Eisen, Trusona’s CEO. That also makes the strips unclonable, he says.

To read this article in full or to leave a comment, please click here

Network World Tim Greene

Authentication startup brings on ‘Catch Me If You Can’ ID thief as adviser

/in

Authentication/identity-protection startup Trusona has enlisted the help of former identity thief Frank Abagnale — the subject of the movie “Catch Me if You Can” — to advise as it prepares to market what it claims to be an unbreakable cloud platform to make sure imposters don’t login.

frank abagnale Wikimedia

Frank Abagnale

Abagnale, now a security consultant, has helped out Trusona’s founder and CEO Ori Eisen before with his previous venture, ad-tracking and fraud prevention firm 41st Parameter, which was bought by Experian in 2013.

To read this article in full or to leave a comment, please click here

Network World Tim Greene