Author: Alex Brown
A self-professed technology geek, content writer Alex Brown is the kind of person who actually reads the manual that comes with his smartphone from cover to cover. His experience evangelizing for the latest and greatest tech solutions gives him an energized perspective on the latest trends in the authentication industry. Alex most recently led the content team at Boston-based tech company Form.com.
FBI Warns of MFA Vulnerabilities
In September the FBI’s Cyber Division released a Private Industry Notice (PIN 20190917-001) warning that they were observing attacks that were circumventing some widely-used multi-factor authentication (MFA) technologies. Specifically they called out PINs, security questions, and mobile one-time-passcodes (OTPs) using various techniques including SIM-swapping, man-in-the-middle (MITM), URL manipulation, and specialized browsers built to support advanced […]
Disney, Macy’s & T-Mobile were Just Hacked: Learn to Live with It!
Over the past few weeks significant data breaches involving three very well-known and respected brands were reported. The Macy’s breach, which resulted in stolen customer PII and payment information, seems to be the result of a targeted website breach. The T-Mobile breach method was not disclosed, but it did disclose PII for over 1 million […]
Transmit Journey Player™ vs. SDKs
We often get asked to explain the difference between Transmit’s FlexID Journey Player and SDKs used by other vendors, usually something like “Isn’t your Journey Player just a fancy marketing term for an SDK?” Granted it is a marketing term, but not just to make it seem fancy. It is used to explain something that’s […]
Modernizing Your Web Access Management Infrastructure
If you’re still using CA SiteMinder, IBM Tivoli Connect, Oracle Access Manager or any other legacy web access management (WAM) solution, I don’t have to remind you of the headaches of these older systems. They were built for simpler times when the Internet was new, clouds were just puffy things in the sky and APIs […]
Pixel 4 Face Authentication Flaw – Be Agile, Don’t Wait!
This is beyond amazing. So far – this month – three different issues with mobile biometric authenticators have been discovered. That’s correct – during the first three weeks of October issues were discovered with three different biometric authenticators, each on a different device. Three issues on three different biometric authenticators on three different devices in […]
Defend Your Systems from the Humans!
Proofpoint released their 2019 human factor report back in early September. We won’t go into the details but it basically boils down to 99% of cyberattacks rely on some form of human involvement. To be fair to us humans, attacks are getting more and more sophisticated, and cybercriminals have realized that people are much easier […]
You Must Choose Your Authentication Strategy Carefully
Exactly a month ago I wrote about why I believed the Microsoft Authenticator could be bypassed in a relatively easy manner. Yesterday, a blog post released by Microsoft mentioned that one of their customers was breached, pretty much using the same technique I described: A few days ago, our team helped someone who had been […]
Galaxy S10 Fingerprint Reader Bug: Be Agile or Wait for The Patch (again!)
Earlier this month I wrote about a bug in IOS 13 that caused the authentication dialog box to not be displayed, although the Touch ID capability may have still been there. This week we’re hearing about a bug in Samsung Galaxy S10 fingerprint readers. Apparently one can unlock the device with an unregistered fingerprint after […]
Making Vendor Selection Easy at Money20/20
While walking through the Money20/20 exhibitor floor aisles I continued to pass vendor booth after vendor booth. Being in the security and fraud prevention space, I particularly took note of the vendors that serve this market. I started thinking about how difficult it is for a security practitioner to make sense of all the clutter […]