Facial Recognition

Biometric facial recognition is evolving faster than many people realize. It is common knowledge that government buildings, military installations, and retail locations have had security cameras deployed for years. Over the past decade, they have upgraded and integrated cameras with sophisticated facial recognition software to help protect people and assets on-site. What is changing, however, is the rate at which…


Digital Encryption

Seven years ago, the Obama Administration published the National Strategy for Trusted Identities in Cyberspace (NSTIC). NSTIC called for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.” Born out of the NSTIC and operating under grants from the…


Multi-Factor Authentication

The following article, authored by Michael Magrath, Director, Global Regulations & Standards, first appeared 2/28/18 on CSO Online. The New York State Department of Financial Services (DFS) regulates over 1,400 insurance companies and approximately 1,500 banks and financial institutions. Not surprisingly, with New York being the “financial capital of the world,” the overwhelming majority of U.S. financial institutions and many…


SMS Authentication

What a difference a year makes. As related in AppDev Magazine’s recent newsletter, just one year after NIST, the National Institute of Standards and Technology, issued guidance that found SMS insecure and no longer suitable as a strong authentication mechanism, it has backpedaled on its previously strong statements and instead offers a new, softer recommendation. According to this article,…


Top 5 Security Stories in 2016

2016 was another stunning year in the battle against hackers. The bad guys were more than up to the task with new attacks and an endless display of innovation that challenged even the best security strategies. Yahoo topped its half-billion-record breach with a billion-record breach, ransomware ran amok, DDoS attacks scaled to new heights, the endpoint grabbed major attention,…


GAO report on privacy and security: a wake-up call for HHS?

For years, I have been a vocal proponent of securing protected health information. It is no secret that the U.S. Department of Health and Human Services (HHS) swept security and authentication under the rug during the rollout of electronic health records (EHRs) so as not to impede adoption of electronic records by providers by making it difficult to use them. The…


Convenience Over Security is Often Not the Best Policy

Now NIST says SMS authentication is a “no-go”

Forget your password? No problem, just click “reset password” to receive a one-time code sent via SMS to your registered mobile phone. From there you can create a new password to access your account. Inexpensive and convenient? Absolutely! Secure? Maybe. Well, for federal agencies, “maybe” does not make the grade when it…


August 2, 2016 - Andrew Showstead
SMS is insecure, and is no longer suitable as a strong authentication mechanism.

The news is in: the National Institute of Standards and Technology has finally stated what both security professionals and hackers alike have known for years: SMS is insecure, and is no longer suitable as a strong authentication mechanism. SMS messages are not protected from the wrong eyes seeing them, and there is no assurance that they will actually go…
