Tag Archive for: work
Passkeys: The future of passwords? Understanding how they work
Nearly everybody agrees that the way we use websites and services is broken.
The universally used username-and-password combo is both annoying for users and not great from a security perspective. Given the steady stream of data breaches, the fact that most people repeat the same, easily guessable passwords between websites, and the ease of constructing fake sites to steal logins, the internet is crying out for a better solution.
Well, one might finally be here: passkeys. These do away with passwords completely, allowing your phone to vouch for your identity.
How do passkeys work, and what are the drawbacks? Read on to find out.
What is a passkey?
Passkeys are a way of logging in to a website or service without a password to prove who you are. All you need is a device to vouch for your identity — most likely your smartphone.
That sounds like a security nightmare, but it should prove a lot safer than the somewhat flawed password system we’ve used for the first few decades of the internet.
“A simple, yet secure sign-in procedure is exactly what people need,” Jake Moore, Global Security Advisor at ESET, a software company specialising in cybersecurity, tells The Standard. “Passkeys offer a simple, fast and secure sign-in solution. [They offer] a very positive impact on account security.”
For the user, the idea is to log in to a website the same way you open up your phone — with a PIN, a fingerprint or a face scan. When you register for a site or service, your login is linked to a single device and you just sign in via that: with no password to remember.
Behind the scenes, it’s a whole lot more technical, involving something called asymmetric cryptography. A public key is stored on the website you want to use, while an encrypted private key is attached to your device. When you try to log in, the site will grant you access only if the two match, that is, only if your device can prove it holds the private key that corresponds to the stored public key.
If you’re not working on the phone you registered with — if you want to log in to a site on your Windows laptop, say — then you’ll need to connect it to your phone via Bluetooth. Alternatively, you will have to prove it’s in range with the scan of a QR code. It’s a bit like two-factor authentication, without the password.
“Before now,…
Cisco to offer Webex air-gapped cloud system for security, defense work
Building on its Webex product line, Cisco plans to deliver an air-gapped, cloud-based collaboration system for companies involved in US national security and defense work, extending the secure offerings the company already provides to industries that require collaboration tools with strong security measures to meet US government requirements.
Beginning in 2024, the new Webex system — Air-Gapped Trusted Cloud — will provide an added layer of security for teams collaborating through the Webex App, Cisco said.
An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. For example, an air-gapped computer is unable to connect to the internet or any other communications network, which is meant to keep the information that resides on it completely secure.
Currently, the US government has an established approach to security assessment and authorization for cloud products and services for national security and defense. This includes air-gapped cloud deployments, which are isolated from public networks and operated on US soil by local staff with specific security clearances to handle sensitive data.
With the upcoming system for air-gapped cloud deployments, Cisco says that the new Webex tools will meet the security standards required by US agencies involved in national security and defense without compromising user experience.
“We have augmented our Webex collaboration solution with additional government-required security controls and operational capabilities so it can be deployed in a disconnected environment,” said Jeetu Patel, executive vice president and general manager for security and collaboration at Cisco. “This approach allows us to offer the modern experience to the National Security and Defense community.”
Cisco commits to FedRAMP requirements
In addition, Cisco has reaffirmed its commitment to providing on-premises solutions for top-secret collaboration — including calling, messaging, meetings, and file sharing — by bringing its enterprise-grade security in line with requirements set out by FedRAMP, the Federal Risk and Authorization Management Program,…
What is ethical hacking, and how does it work?
Ethical hacking, also known as “white hat” hacking, is the process of identifying and exploiting vulnerabilities in a computer system or network in order to assess its security and provide recommendations for improving it. Ethical hacking is done with the permission and knowledge of the organization or individual that owns the system being tested.
Ethical hacking aims to find flaws in a system before malevolent hackers can take advantage of them. Ethical hackers use the same tools and methods as malevolent hackers, but their objective is to enhance security rather than cause harm.
Here’s how ethical hacking typically works.
Planning and reconnaissance
The ethical hacker investigates the target system or network to gather data that could be used to find weaknesses. This could include IP addresses, domain names, network topology and other pertinent facts.
Scanning
The ethical hacker uses scanning tools to find open ports, services and other details about the target system that could be used to launch an attack.
Enumeration
The ethical hacker searches the target system for more specific information that could be used to acquire unauthorized access, such as user accounts, network shares and other specifics.
Vulnerability analysis
To find weaknesses in the target system, such as out-of-date software, incorrectly configured settings or weak passwords, the ethical hacker uses both automated tools and human procedures.
Exploitation
Once vulnerabilities are found, the ethical hacker attempts to take advantage of them in order to obtain unauthorized access to the target system or network.
Reporting
Ultimately, the ethical hacker records the flaws that were found and offers suggestions for enhancing security. The company or individual will then use this report to resolve the system’s or network’s security flaws and enhance overall security.
For businesses and individuals that want to guarantee the security of their computer networks and systems, ethical hacking can be a useful tool. Ethical hackers can aid in the prevention of data breaches and other security problems by finding vulnerabilities before they can be exploited by criminal hackers.
10…