A Review of the Best News of the Week on Identity Management & Web Fraud

Twitter Expands Two-Factor Authentication Options (eWEEK, Dec 21 2017)
Twitter now supports the use of third-party two-factor authentication tools including Google Authenticator, Authy and Duo Mobile.

The Market for Stolen Account Credentials (Krebs on Security, Dec 18 2017)
Brian Krebs looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.

Lessons Learned from the Estonian National ID Security Flaw (Schneier on Security, Dec 18 2017)
Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident.

Face ID Stinks (Troy Hunt Blog, Dec 12 2017)
“I’ve been gradually coming to this conclusion of my own free will, but Phil Schiller’s comments last week finally cemented it for me: Face ID stinks.”

AWS Organizations Now Supports Self-Service Removal of Accounts from an Organization (AWS Security Blog, Dec 19 2017)
AWS Organizations made it easier for you to remove AWS accounts from an organization. You can remove accounts from an organization without requiring assistance from AWS Support, and the accounts you remove can operate as standalone accounts or be invited to join another organization. For example, you could remove graduating students’ AWS accounts from your organization to become standalone accounts or move accounts into another organization after an acquisition.

Facebook fights imposter accounts with facial recognition (Naked Security – Sophos, Dec 21 2017)
Facebook on Tuesday announced a new facial recognition tool that can spot you even when you haven’t been tagged – handy when some identity thief goes and puts up an account with your photo. It also introduced a way for the visually impaired to know more about who’s in the photos they encounter on Facebook.

French Aerospace Giant Thales Acquires SIM Maker Gemalto (SecurityWeek, Dec 17 2017)
French aerospace and defence group Thales said Sunday it has bought European SIM manufacturer Gemalto in a bid to become a global leader in digital security.

Unraveling the truth about the NIST’s new password guidelines (CSO Online, Dec 19 2017)
tl;dr: if you’re using a password manager, you should be in really good shape.

Fooling Windows 10 facial authentication with a photo (Graham Cluley, Dec 21 2017)
Maybe you’re one of those people who care enough about the security and privacy of your computer that you enable the facial recognition feature built into versions of Windows 10, but find it too much of a pain to set up a password. If so, you’re potentially at risk of having your computer unlocked by an attacker holding a modified low resolution laser-printed photograph of you in front of your webcam.

Why Your IAM’s Definition Of “User” Could Be Costing You Millions (Auth0 Blog, Dec 15 2017)
Because paying “per user” doesn’t factor in activity levels, you could be drastically overpaying.

Microgateways: Zero Trust Security for the Microservices World (ForgeRock, Dec 14 2017)
New business models based on the ability to monetize APIs (i.e., charge for usage) make APIs and microservices accessible to broader audiences and create new revenue streams, while opening businesses to additional risk. One approach to mitigating the risks associated with the monetization of APIs and microservices is the use of fine-grained authentication and authorization. But how can development teams incorporate sophisticated security without adding layers of complexity?

Why we need strong authentication standards to deliver the promises of Open Banking (Gemalto blog, Dec 21 2017)
Along with PSD2, Open Banking is one of the most discussed topics in the financial industry. To make it work, we need strong authentication.

Calculating the Cost of Account Takeover (Sift Science Blog, Dec 20 2017)
How do you measure whether account takeover (ATO) is a problem for your business? ATO can be harder to quantify than payment fraud. When measuring the total cost of ATO, there are a number of individual costs to consider.