authentication

(get it in RSS or Atom)

RBS and NatWest banks to use Apple's Touch ID fingerprint system for mobile login

Touch ID. Image courtesy of Shutterstock.

The Royal Bank of Scotland and NatWest have launched a new mobile banking service that allows Apple customers to authenticate via Apple's Touch ID.

Windows 10 will work with FIDO specs for password-free access, says Microsoft

Windows 10 logo

Microsoft has announced that its forthcoming revamp of Windows will be compliant with FIDO's current specifications for advanced authentication. Or has it?

SSCC 185 - "I have a number for you: Eighty Million" [PODCAST]

chet-chat-logo-featured-250

Our weekly "Chet Chat" podcast is carefully prepared to fit into a quarter-hour, so it is clear and concise as well as being witty and amusing.

Enjoy...

US Military wants to replace passwords with "cognitive fingerprints"

Cognitive Fingerprinting

DARPA has awarded researchers at the US military's elite West Point military academy a multi-million dollar contract to produce a replacement for password authentication based on "cognitive fingerprints"

SCADA programmers? It's time for security by default! 60 Sec Security [VIDEO]

Here's the latest episode of our weekly 60-second security video.

Enjoy the news in just one minute...

SSCC 182 - What would the Pirate Party do? [PODCAST]

chet-chat-logo-featured-250

This week's episode of our quarter-hour security podcast.

Entertaining as well as accurate and educational - why not give it a listen?

EU to demand 2-factor for online payments by August 2015?

eba-250

The European Banking Authority is nearly, if not quite, insisting on two-factor authentication by August 2015.

If companies that do business in Europe have to comply, could this help boost two-factor in the US and elsewhere?

Can we expect a future free from passwords and PINs?

FIDO unveils details of a future free from passwords and PINs

Will passwords and PINs wither and die? Fast IDentity Online, or FIDO, says its new rules for designing authentication systems should make it "simpler and stronger for all".

Alibaba turns into Ali-blab-blab thanks to web server URL security bug

aliexp-250

Chinese e-commerce megabrand Alibaba just fixed a rather naughty security slipup on its online retail portal AliExpress.

You could get data such as the addresses and phone numbers of other users.

POODLE attack takes bytes out of your encrypted data - here's what to do

Heartbleed, Shellshock, Sandworm...and now POODLE.

It's a security hole that could let crooks read your encrypted web traffic.

Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...

Is it thumbs up to Barclays bank's finger-vein-reading authentication?

Is it thumbs up to Barclays' finger-vein-reading authentication?

Barclays Bank has announced plans to introduce biometric authentication based on vein patterns in fingers for its UK business customers, which could signal a major shift in how we access online banking systems.

LibreSSL, Linux Foundation, Play Store refunds and Viber shabbiness - 60 Sec Security [VIDEO]

2014-04-26-thumb-250

How do you recover from Heartbleed? Can you get your money back from Google? And just how safe is the Viber instant messaging app?

Find out in 60 Second Security...

8 charged in AT&T ID theft fraud case, including outsourced contractor

8 charged in AT&T ID theft fraud case

"Authorized users" were added to customers' bank accounts, allowing the alleged fraudsters to request new cards in their names to make purchases and withdraw cash. As with other recent cases, the weak link was supposedly working for AT&T in an outsourced job function.

Google acquires sound authentication start-up SlickLogin

slicklogin-CC-250

Just five months after the company's launch, SlickLogin has announced its acquisition by Google. The Israeli security start-up has developed a method of authenticating your smartphone using an inaudible sound wave transmitted from your computer.

The power of two - All you need to know about two-factor authentication

2FA

What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.

Microsoft joins tech giants and FIDO in the fight for simpler, safer authentication

Microsoft joins tech giants and FIDO in the fight for simpler, safer authentication

Microsoft joins Google, PayPal, Lenovo and other tech giants as a member of the FIDO (Fast IDentity Online) Alliance, a non-profit group working to design better and more standardised methods of checking identity across the internet.

D-Link patches "Joel's Backdoor" security hole in its SoHo routers

dl-524-250

About six weeks ago we wrote about an amusingly alarming security hole in various D-Link routers.

D-Link has now come out with a firmware fix - don't forget to update if you're on the affected list...

Apple's iOS 7.0.4 fixes a "too easy to buy stuff" security flaw

ios704-250

Apple pushed out iOS 7.0.4 last week, the fourth patch in two months.

Is iOS getting buggier, or is Apple simply publishing security fixes more promptly?

Biostamps - freedom from password tyranny, or Hollywood science?

Biostamps - freedom from password tyranny, or Hollywood science?

Last week Motorola execs showed off experimental biostamps - digital "tattoos" capable of authenticating you to your phone. Could this be the ultimate solution to the problem of authentication and passwords, or is it just a sci-fi pipe dream?

Anatomy of an exploit - Linksys router remote password change hole

li-placard-250

A security researcher from California has published a how-to guide detailing a number of exploits against various Linksys routers.

Paul Ducklin looks at the ominous sounding "EA2700 Password Change Insufficient Authentication and CSRF Vulnerability"...