Archive for the ‘Two Factor Authentication’ Category

Is Your Corporate Data as Secured as Your Own?

By DynaPass Inc. on March 11th, 2016

DynaPass Inc. is a provider of out-of-band two factor authentication online security solutions via a mobile phone.


Two Factor Authentication (2FA) has become an increasingly common tool over the last few years. As the number of cybercrimes continues to grow at an alarming rate, media attention to the topic has grown as well. For the most part, the press has treated cybercrime much the same way it treats everything else, with sensationalist/alarmist reporting, while never really hitting the heart of the topic. Everywhere you look on the internet or even in physical media, articles advise us to opt-in to 2FA whenever it’s available. The missing piece of advice is encouraging not just the end users, but companies and organizations, to make 2FA available. When an individual uses 2FA, while great, it is protection for only a single set of data on a single site. When an enterprise implements a total 2FA integration, not only does it offer this significantly stronger level of log-in authentication to every single one of its users, it also protects its finances, sensitive data, and reputation.

Recent years have seen a drastic increase in the use of compromised login credentials for everything from basic online purchase fraud to the largest of data breaches, and it’s only getting worse. According to the San Diego, California based Identity Theft Resource Center, 2015 has seen the confirmed exposure of over 175 million data sets in the United States alone. Those 175 million are a bare minimum; any decent report will show that there are many more companies that experience data breaches but never release their numbers to the public.

While some of these data sets may not include login credentials, many of them do. And as any internet search will show, there are a multitude of studies that demonstrate how common it is for people to re-use their username and password combinations across multiple sites. Criminals have adapted to this landscape. The availability of so many credentials has turned online fraud into an amateur’s game. Almost anyone with a criminal inclination and a little bit of patience can get a hold of and attempt to use these credentials across any number of websites. By adding a modicum of technique, this can be done in a way that is extraordinarily difficult to detect and almost impossible to prevent. With this in mind, every single username and password combination of your userbase can be seen as a potential fraud risk. DynaPass two-factor authentication puts up an immediate roadblock to these kinds of threats. Even if criminals manage to find a set of working credentials, without the one-time use password sent directly to the user’s phone, the credentials only serve to alert the user that there was an unauthorized access attempt. It’s good for individual users, it’s great for companies.

Beyond the benefits of utilizing two-factor authentication for customer logins, 2FA used in a company’s IT infrastructure can provide protection for all its data, and based on recent history, potentially prevent devastating data breaches. According to studies such as Verizon’s 2015 Data Breach Investigation Report, compromised credentials have become the most commonly exploited point of attack in data breaches. Anthem, eBay, the US Office of Personnel Management, JP Morgan: all of these major breaches involved stolen user credentials. JP Morgan was missing 2FA on a single server which the criminals managed to exploit and leverage into high level access to the rest of their system. With two-factor authentication, those stolen credentials would have dead-ended as soon as they came to the passwords sent to the legitimate users’ mobile phones.

Both sales fraud and data breaches are potentially devastating to your bottom line. While the losses from fraud are fairly straightforward, financial losses from data breaches are more complicated to quantify. The 2015 Cost of Data Breach Study (United States) from IBM and the Ponemon Institute puts the average cost of each record stolen in a data breach at $217, while other studies such as the 2015 Cyber Claims Study by Net Diligence calculate that number to be as high as $964 per record. Is your cyber security up to the task?

Over 600 Data Breaches this Year, Has Your Password Been Compromised?

By DynaPass Inc. on October 26th, 2015


2014 saw a record number of data breaches, the United States alone having experienced 783 breaches with over 85 million confirmed record exposures according to the San Diego, California based Identity Theft Resource Center. If that was not bad enough, between January and October of this year, the U.S. has been plagued by more than 600 reported data breaches and the confirmed exposure of over 175 million records. How certain are you that your log-in credentials are safe?

In an effort to get the public to recognize the importance of cyber-security, the Department of Homeland Security and President Obama went out of their way to designate October as National Cyber Security Awareness Month in an attempt to get the public to acknowledge the threat posed by cyber criminals. It’s not just the genius hacker types that we need to be concerned about. According to the FBI’s Blog “sometimes using the least sophisticated means necessary cyber criminals can obtain passwords”. How many of your own passwords could be easily guessed based on your interests or significant dates in your life? How many of your different accounts use the same or similar passwords that could cause one compromised password to snowball out of control? One example of a readily available cybercrime tool is a keystroke logger, a piece of software that will run in the background of your computer and log all your keystrokes to send back to the criminal. With a log of all your keystrokes, criminals can easily figure out your passwords. Keep in mind, this is just one of many similarly easy ways by which criminals may discover your passwords. If passwords aren’t secure anymore, what are we supposed to do to protect our data?

The FBI’s first advisory post for National Cyber Security Awareness Month put it quite clearly, “it is important to add another level of protection between the cyber criminal and you…Two Factor Authentication adds that 2nd layer of protection.” Two Factor Authentication, or 2FA, is a technology that increases security by incorporating requirements beyond something you know (your password). The second factor of authentication can be any number of things, a biometric test, a physical security token, your physical location data, or even something as easy as a secondary password sent to your mobile phone. At first glance it may seem that many of these 2FA options are equal. However, the real world truth is that the cost of setup and maintenance of hardware for biometrics and security tokens can be prohibitive, while physical location requirements just may not be feasible for many applications. These issues can make implementing two-factor authentication a daunting task.

DynaPass’ patented method provides 2FA by utilizing users’ mobile phones to send them a one-time use password via text message. By leveraging something as commonly used as a text message, DynaPass can increase your authentication confidence without adding maintenance costs or unnecessary complications to workflow.

5 Tips for Cyber Security

In the spirit of National Cyber Security Awareness month, we have provided a few tips to keep you safe online.

1. Think before you click. Healthy suspicion and being a bit skeptical will go far in keeping you secure.
2. Use a well-documented, reliable security suite. Good anti-virus software and browser/network security are essential.
3. Keep your software updated. Updates often include security upgrades that close newly discovered weaknesses.
4. Use strong passwords and avoid using the same password across different sites. Your best option is a long and seemingly random string of characters. Password managers can help you keep different passwords in order.
5. And always remember, if two-factor authentication is available, make sure that you have it enabled.

Multi-Factor Authentication Market To Grow 17.3% Year Over Year, Worth $5.45 Billion by 2017

By David Tran on December 11th, 2012

According to a recent multi-factor authentication market research study published by MarketsandMarkets.com, the multi-factor authentication market is expected to reach $5.45 billion by 2017.  It is estimated that between 2012 and 2017, the year over year growth rate of the multi-factor authentication market will be 17.3%.  A key factor contributing to the fast growth of the multi-factor authentication market is the rising number of regulatory compliance requirements.  The global multi-factor authentication market has also seen significant growth in the popularity of phone based authentication solutions.

Phone based authentication solutions such as DynaPass’ two factor authentication solution are growing in popularity because they are easy to implement, cost efficient, reliable, and most of all secure. Since mobile phones are owned by over 85% of the U.S. population, users implementing phone based two factor authentication do not need additional hardware besides a mobile phone and there is no need to install software on their computer or phone. Two-factor authentication, also called strong authentication, is a federally mandated method for user authentication when protecting sensitive information in industries such as finance, education, and healthcare.

For example, last year the FFIEC supplemental guidance outlined the blueprint for the security levels that financial institutions need to combat fraud and succeed in the competitive banking environment. At the core of those requirements is customer authentication. The guidance doesn’t outline a single type of authentication solution across all channels, but multiple security tools that give all channels true multiple layers of authentication, whether customers pay online or request bank transactions over the telephone. DynaPass’ phone based two factor authentication allows users to receive a one-time password via SMS text message to their mobile phone to authenticate them. This satisfies the “something you have” category, an essential component of the FFIEC’s multi-factor authentication paradigm that requires banks to have at least two of the categories for customer authentication, including: “something you know” (password, pin number), “something you are” (fingerprint, DNA, retinal pattern), and “something you have” (ID, ATM card, security token, mobile phone).

According to research firm Frost & Sullivan, people using mobile banking services will increase from 12 million in 2009 to 45 million by 2014.  This means that financial institutions operating without a secured environment will not be able to keep their customers who will move over to their competitors that have security features such as DynaPass’ phone based two-factor authentication.

The two-factor authentication model covers almost 90% of the market for multi-factor authentication, and three-, four-, and five-factor authentication models are less used when compared to two-factor authentication. The multi-factor authentication market is spreading across all industries where security is a concern. Currently, America is the biggest multi-factor authentication market with Europe and APAC following behind. Phone based two-factor authentication is the security method of choice for many users and will continue to be since it is easily deployable, cost efficient, and effective.

Intel Confirms Acquisition of A Biometrics Company IDesia, But Is It Worth It?

By David Tran on October 10th, 2012

Intel has just acquired biometrics company IDesia, a medical devices company based out of Israel for several million dollars.  IDesia develops heart-based biometric technology that authenticates users by using electrical signals generated by the heartbeat and allows computers, mobile phones, gadgets and electronic devices to recognize these heartbeat signals.  The company previously raised $7 million from Partech International and Aladdin Knowledge Systems which is now a unit of SafeNet.  Gidi Barak, Chairman of IDesia, has also sold other companies to Intel.  In 2004, Barak sold Envara to Intel for $40 million and in 1999 he sold DSP Communications to Intel for $1.6 billion.

Biometrics has long been used as a way to authenticate users, but there are concerns that technologies such as face recognition and fingerprint readers can be easily manipulated. Intel is hoping that monitoring heart beats is a more advanced and secure way to recognize users. IDesia uses electronic signals, also called electro biodynamic signatures, generated by the heartbeat of an individual that is unique to each person and cannot be forged. The signature is obtained through a user’s finger where electronic signals can be collected. The product requires a user’s finger and a small metal sensor which appeals to airports, border crossings and personal electronic equipment.

It is not clear yet what Intel will do with the acquisition of IDesia, but Intel already has a presence in Israel with staff and other acquisitions in the country.  Last year Intel acquired Telmap for $300 million, which is an Israel location based services company and has become part of Intel’s consumer services division.

IDesia CEO, Dr. Daniel Lange will continue to serve as a consultant to Intel as IDesia’s products are integrated and stated, “Identification on the basis of heartbeat is not a biometric measurement recognized by any government body, we concentrated in recent years on sales in the consumer products sector and in this field large capital is needed to penetrate markets, and in Israel it is difficult to raise capital for an end-use electronic product.”  Lange also said, “I would be happier if the company had not to be sold because in my opinion it has great potential.  But as an entrepreneur the most important thing is that the technology will be brought to market, and it looks like Intel is the company that can ensure that.”

IDesia is unique and Intel may be able to use their technology to incorporate it into products such as smart phones and tablets which could monitor the heartbeats of patients as well as possibly use it to authenticate people. This biometric technology hasn’t been proven to be a secure way to authenticate people yet, but the technology could be of use in the healthcare industry since it measures a user’s electronic signals.

The technology is of interest to Intel since it has a big interest in the health care industry.  Intel has a joint venture with General Electric called Care Innovations to provide health care products such as tablets that are targeted at the health care industry.  In addition to that, Intel is also conducting research on health care for senior citizens.  With Intel having so much vested in the healthcare industry, they may use the biometric authentication technology to supplement their existing businesses or incorporate the technology in their products.

We believe that it is unlikely that the technology from IDesia will go into Intel’s next microprocessors, but Intel already has a team of developers in Israel that might find a use for it. The Intel team in Israel was responsible for the architecture behind the Core and Core 2 microprocessors.

If Intel uses the IDesia technology to create innovative ways to monitor patients’ heartbeats or use it in other innovative ways they may have made a good acquisition, but if they are intending to use it to authenticate patients we believe that it will be a challenge to prove that the IDesia technology is a reliable and secure authentication solution. Even if it is used to monitor heart beats of patients remotely, secure machine to machine security measures must be in place to ensure data is transmitted safely. Biometric authentication such as facial recognition, retina scanning, and fingerprint scanning has been shown to be easy to manipulate and unreliable so Intel faces challenges if it intends to use IDesia’s technology to be a leader in the authentication industry.

We believe two factor authentication using a one-time password sent to a mobile device is still the most reliable way to authenticate users and will continue to be until new ways of authenticating users are developed. Two factor authentication using one time passwords sent to mobile devices is currently used by Google, Bank of America, and Facebook. With security breaches on the rise and more companies migrating their services to the cloud, we believe that two factor authentication systems such as DynaPass’ out of band two factor authentication using a dynamic one time password sent to a mobile device will be effective in protecting an organization’s sensitive information and protecting their users.