A Review of the Best News of the Week on Identity Mgt & Web Fraud

Digital Drivers License (DDL) Pilot Goes Live in Maryland and Washington DC (Gemalto blog, Sep 26 2017)
Smartphone-based ID is tested for age & ID verification in Maryland and DC at shops, casinos, stadiums and police stops. The pilot kicked off at Bay Ridge Wine & Spirits, a quaint family-owned and run liquor store in Annapolis, MD.

Machine Learning Will Revolutionize E-commerce (Signifyd, Sep 27 2017)
It’s hard to talk to any retailer for more than four or five minutes without the phrase “customer experience” coming up…consider the possibility of a smart machine following along in a conversation between a customer and an agent, he said. The machine would be able to point the agent to prompts and information that would help him or her help the retailer’s customer.

iPhone X has face recognition but this heart-scan authentication goes one better (ZDNet, Sep 26 2017)
A heart-based authentication system keeps you logged in until you walk away from the device.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

inBay Technologies Closes $1+ Million Financing (inBay Press Release, Sep 22 2017)
inBay Technologies, developers of ‘passwordless’ authentication solutions, today announced the company has secured $1+ million of financing from European-based Ramphastos Investments, co-leading with an Ottawa-based super angel represented by Tongda One Partners Ltd.

Making multifactor authentication work [for Federal Agencies] (GCN, Sep 25 2017)
MFA solutions for the federal government cannot be one size fits all, so how an agency implements MFA should depend on the sensitivity of its data and where MFA would be used within the agency’s architecture.

A guide to common types of two-factor authentication (VentureBeat, Sep 25 2017)
There are four main types of 2FA in common use by consumer websites, and it’s useful to know the differences. Some sites offer only one option; other sites offer a few different options.

Busting myths behind authentication and authorization (CSO Online, Sep 26 2017)
We need to dispel some of the myths in cybersecurity, authentication and authorization. First up, are reverse proxies bad?

​Service NSW to develop multi-factor authentication identity platform as opt-in (ZDNet, Sep 25 2017)
Service NSW, New South Wales’ centralised organisation for government service delivery, currently uses a relatively simplistic platform for identification. The roadmap for the state government’s one-stop-shop for service delivery includes the rollout of multi-factor authentication, but on an opt-in basis.

SAP Buys CIAM Vendor Gigya (Forrester Blogs, Sep 25 2017)
SAP announced it has acquired Mountain View, CA based Customer Identity and Access (CIAM) provider Gigya. Several media outlets placed the purchase price in the $350M range. Gigya has been a CIAM vendor since 2010 and raised ~$105M in venture capital, so if the purchase price is accurate, it reflects a good return for Gigya’s investors.

Android Lockscreen Patterns Less Secure Than PINs (Threatpost, Sep 25 2017)
An academic study set out to prove whether it’s better to protect your Android phone with a PIN or a swipe pattern. The answer is PIN. At least when it comes to proximity attacks, namely someone lurking about trying to guess your PIN or unlock pattern.

UK Police: Buying Fake Goods Online Can Lead to ID Theft (Infosecurity Magazine, Sep 27 2017)
UK Police: Buying Fake Goods Online Can Lead to ID Theft. City of London Police says over 4,000 sites were created using stolen IDs.

Reset Your AWS Root Account’s Lost MFA Device Faster by Using the AWS Management Console (AWS Security Blog, Sep 21 2017)
To help secure your AWS resources, AWS recommends that you follow the AWS Identity and Access Management (IAM) best practice of enabling multi-factor authentication (MFA) for the root user of your account. With MFA turned on, the root user of your account is required to submit one form of authentication, which is the account password…

Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards (Krebs on Security, Sep 26 2017)
Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment card systems. The ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores, KrebsOnSecurity has learned.

Apple Pushing Two-Factor Authentication: What to Do (Tom’s Guide, Sep 26 2017)
What Apple is really doing it forcing people who upgrade to those two operating systems to also upgrade to Apple’s more secure two-factor authentication, which has already been around for a couple of years.

Will Apple’s new face recognition replace fingerprint verification? (Gartner Blog Network, Sep 27 2017)
In its recent iPhone X announcement, Apple introduced the TrueDepth camera for use in various applications including Face ID, Animoji, Apple Pay and selfies. 3D sensing technology is the next big thing on smartphones for three reasons.

Guidelines to comply with PCI DSS 3.2 (Gemalto blog, Sep 26 2017)
Starting in Feb 2018, all who access systems that hold credit card data will be required to authenticate with multi-factor authentication. This is a direct outcome of PCI DSS’s new requirement providing best practices for organizations that need to extend their MFA and comply.

7 Things to Consider Before Making the Switch to MFA (Okta blogs, Sep 25 2017)
MFA is a great way to secure your users’ apps and services from unauthorized access. Here are some points to consider as you plan your deployment.