A Review of the Best News of the Week on Identity Management & Web Fraud

New research: Understanding the root cause of account takeover (Google Online Security Blog, Nov 09 2017)
With Google accounts as a case-study, they teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, Google analyzed several black markets to see how hijackers steal passwords and other sensitive data.

Defining a New Model for Cyber-Security Trust with Blockchain (eWEEK, Nov 16 2017)
At the SecTor security conference, an MIT futurist details an open-source effort that aims to restore trust and improve data privacy for cyber-security.

Face ID is the Future of Security (Authentication) (Securosis Blog, Nov 10 2017)
“Apple didn’t just throw a facial recognition sensor into the iPhone and replace a fingerprint sensor – they enabled a new security modality. I call this ‘continuous authentication’.”

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Hacking a Fingerprint Biometric (Schneier on Security, Nov 09 2017)
Embedded in this story about infidelity and a mid-flight altercation, there’s an interesting security tidbit: The woman had unlocked her husband’s phone using his thumb impression when he was sleeping…

Vietnamese Firm Bkav Claims to Have Beaten Apple Face ID With an Elaborate Mask (Gizmodo, Nov 13 2017)
Researchers at Vietnamese firm Bkav claim to have been able to defeat the iPhone X’s facial recognition with an elaborate mask made from a combination of 2D and 3D parts.

IDology Annual Fraud Report Reveals Two-Thirds of Businesses Experienced Increased Fraud Attempts in 2017 (IDology, Nov 15 2017)
More than half of companies reported an increase in mobile-based fraud, led by device cloning.

Top 10 Themes from Money20/20 (Jumio, Nov 09 2017)
After a frantic week in Las Vegas for Money20/20, I can finally take a moment to reflect on some of the big themes and takeaways from the show. Here were the big ideas…

4 Questions Businesses Must Ask Before Moving Identity into the Cloud (Infosec Island, Nov 08 2017)
Whether you’re moving from an on-premise identity governance solution to the cloud or implementing a cloud-based identity governance solution for the first time, it’s important to take a close look at your organization and its needs before taking the next step.

Zero-Trust Model: Never Trust, Always Verify (Secure Thinking by Centrify, Nov 14 2017)
In a zero-trust model, enterprise resources are secured based on the identity of the user, device posture and other conditions such as location, date and time. If a user can confirm their identity, say via a successful multi-factor authentication (MFA) challenge on a trusted corporate laptop, they may be granted access to an application.

Scientists testing sweat analysis for cellphone authentication (ABC News, Nov 14 2017)
Halámek’s approach relies on amino acids found in skin secretions. A phone, for example, will be able to identify what compounds are in its owner’s unique sweat, Halámek told ABC News.

Voice recognition systems easily fooled by impersonators, claims Finnish university study (V3, Nov 15 2017)
Cyber crooks can compromise speech recognition systems with ease, claim researchers at the University of Eastern Finland

Who Am I? Best Practices for Next-Gen Authentication (Dark Reading, Nov 15 2017)
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.

Behavioral Biometrics: At the Intersection of Fraud Detection and Digital Experience (Biocatch Blog, Nov 09 2017)
Behavioral biometrics technology helps companies navigate digital transformation through two main functions: identity proofing and continuous authentication.

Digital Driver’s Licenses Take Flight in Wyoming (Gemalto blog, Nov 16 2017)
How did mobile licensing fare when tested in highway patrol and airport ID verifications in Wyoming?

A look at major identity implementation challenges (and how to address them) (Janrain, Nov 10 2017)
Customer identity and access management (CIAM) provides tremendous value to organizations interested in both improving customer engagement strategies through data and securing and protecting their customer data repositories. If you’re just getting started on your own CIAM journey, there are five common implementation pitfalls to keep an eye out for…

Approve Your Authentication Requests With Just a Glance (The Duo Blog, Nov 14 2017)
Duo’s new biometric policy with support for Face ID replaces their fingerprint-specific policy, making it easy for administrators to add additional biometric checks regardless of whatever biometric factor their end users’ devices support—whether it’s Touch ID, Face ID, or Android Fingerprint.