Tag: identity | Page 2

Jasson Casey, Beyond Identity: “malware doesn’t care if your password is four characters or four thousand characters long”

July 12, 2023/in Computer Security

The increasing reliance on using the internet has businesses, governments, and individuals more aware of data security and identity protection. One of the primary concerns is password protection.

No matter how secure your passwords are, cybercriminals with the right malware will find a way to steal them. Even the leading VPN might be insufficient for full data protection and online security. Cybercriminals have access to the same advancing technology and software apps that the rest of the public does. That access resulted in an increase in cyberattacks by stealing passwords. Avoiding these risks means taking the time to learn more about preventative measures.

To discuss the issue in more detail, we spoke with Jasson Casey, the CTO at Beyond Identity – cybersecurity company advancing toward Zero Trust Authentication through constant risk assessment and continuous security validations.

How did Beyond Identity originate? What has the journey been like?

Two and a half decades ago, our founders – Jim Clark and Tom Jermoluk, made the World Wide Web accessible to all. They made it ready for business. Jim spearheaded the release of the Netscape browser along with SSL for secure Internet transactions. Tom focused on large-scale home broadband access with @Home Network. As businesses, governments, and individuals increasingly relied on the Internet, so too did bad actors. Bad actors eroded trust, stole intellectual property, and pilfered funds.

There are hundreds of billions of passwords in the world today. Yet, we continue to rely on this fundamentally insecure authentication model. Passwords are insecure because these “shared secrets” transit networks get stored in unprotected databases. They are also shared among friends and family. Ultimately, they’re reused across multiple apps. With the creation of Beyond Identity, the SaaS platform goes above and beyond FIDO standards. Our passwordless, invisible MFA supports broad authentication use cases. It turns all devices (including computers, tablets, and phones) into secure authenticators. Our platform validates the user and verifies the device is authorized. It checks the security posture of the device and executes an…

Source…

Preventing hackers from stealing your identity

July 5, 2023/in Computer Security

By now, you’ve probably seen a deepfake video or two come across your social media feed (hey, that deepfake Tom Cruise is pretty convincing). Did you know that deepfake audio is even easier to mimic?

To show how flawed voice authentication can be, computer scientists figured out a way to fool the technology in just six tries. Keep reading to learn more about how they did it and how to safeguard yourself.

Voice authentication 101

Voice authentication technology is primarily used by companies that must verify their customers’ identities. Verification with a customer’s unique “voiceprint” is standard practice in banking, call centers, and other institutions where keeping your info private is a major concern.

When you first enroll in voice authentication, you’re typically asked to repeat a specific phrase in your own voice. The company’s system then generates a custom vocal signature, or voiceprint, from whichever phrase you provided. Your voiceprint is then stored on a secure server.

Once your voiceprint is saved, it’s used in the future when you contact the company. You’re usually asked to repeat a different phrase than the one you initially gave, which is then digitally compared to your saved voiceprint in the system. If everything matches up, you’ll pass the test and gain access to your information.

Of course, hackers weren’t born yesterday. They got to work as soon as companies began implementing voiceprint technology on a large scale. Through AI machine-learning “deepfake” software, the bad guys figured out a way to copy voiceprints and skate through security measures.

To stop the deepfakes, voice authentication developers put “spoofing countermeasures” in place. Although they’re designed to tell a human voice from a robot one, the protection often falls short.

Who’s voice is it anyway?

Researchers at the University of Waterloo decided to play hacker for a day and attempted to crack their code. First, they pinpointed the characteristics of deepfake audio that…

Source…