“No one ever forgets where he buried the hatchet.”
– Kin Hubbard
Quote of the Day
“Nobody outside of a baby carriage or a judge’s chamber believes in an unprejudiced point of view.”
– Lillian Hellman
Quote of the Day
“Although prepared for martyrdom, I preferred that it be postponed.”
– Sir Winston Churchill
Quote of the Day
“I do not want people to be agreeable, as it saves me the trouble of liking them.”
– Jane Austen
Easter’s Security Lessons
Easter is a time for reflection, renewal, and celebration. While it may not seem directly related to online security, there are actually several lessons we can learn from this holiday that can be applied to our digital lives. Here are a few:
- Be cautious of unexpected gifts: Just as you wouldn’t accept an Easter egg from a stranger without knowing what’s inside, you should be cautious of unexpected emails or messages that contain links or attachments. Cybercriminals often use social engineering tactics to trick people into clicking on malicious links or downloading infected files, so it’s important to be vigilant and only open messages from trusted sources.
- Protect your passwords: Easter is a time of renewal and new beginnings, and it’s a good opportunity to refresh your passwords and make sure they’re strong and unique. Avoid using the same password for multiple accounts, and consider using a password manager to generate and store your passwords securely.
- Watch out for scams: Just as Easter brings out scammers trying to sell counterfeit chocolate eggs or Easter baskets, there are many online scams that try to trick people into giving away personal information or money. Be wary of unsolicited emails or messages, and always double-check the URL of any website before entering sensitive information.
- Keep your devices up to date: Just like Easter eggs can go stale over time, outdated software and operating systems can become vulnerable to security threats. Make sure your devices and software are up to date with the latest security patches to reduce the risk of being hacked.
Happy Easter to all, and remember: by keeping these lessons in mind, you can stay safe and secure online, just as you can enjoy Easter treats without any worry.
You really, really need to modernize your authentication
My main argument is that passwords are not an ideal form of authentication, as they are often too weak and easily guessable. I, along with most of the people I know in the security business, advocate for the use of stronger forms of authentication, such as biometrics, multi-factor authentication, or risk-based authentication, which can provide greater security and reduce the risk of password-related attacks.
However, we need to also acknowledge that passwords will likely continue to be used for the foreseeable future, so I can’t emphasize enough the importance of using good password hygiene practices, such as using strong, unique passwords for each account, regularly changing passwords, and avoiding common or easily guessable passwords.
Overall, I believe that while passwords do have limitations, they can still be a valuable part of an organization’s security strategy if they are used responsibly and in conjunction with other security measures.
In particular, I urge you to look at risk-based authentication (RBA). RBA is a type of authentication that uses a combination of contextual and historical data to determine the level of risk associated with a login attempt or transaction. RBA takes into account factors such as the user’s location, device, behavior patterns, and other relevant information to assess the likelihood that a particular login attempt is legitimate or fraudulent.
Based on this risk assessment, RBA can then adjust the authentication requirements accordingly. For example, if the login attempt is considered low-risk, the system may require only a simple username and password combination for authentication. However, if the login attempt is deemed high-risk, the system may require additional authentication factors, such as a one-time password, biometric authentication, or security questions.
By using RBA, organizations can improve security while also reducing user friction. Rather than requiring all users to go through the same level of authentication, RBA can tailor the authentication process to the level of risk associated with each individual login attempt. This helps to reduce the burden on users while also providing stronger security for the organization.
Implementing risk-based authentication (RBA) typically involves the following steps:
1. Define Risk Factors: Identify and define the risk factors that will be used to assess the risk associated with a login attempt. These factors could include device type, location, IP address, user behavior patterns, or any other relevant contextual or historical data.
2. Determine Risk Levels: Define the different risk levels based on the risk factors identified in step 1. For example, you might define a low-risk login attempt as one that is coming from a known device, while a high-risk attempt might be one that is coming from a new or unknown device in a different location.
3. Define Authentication Requirements: Determine the authentication requirements for each risk level. For example, low-risk login attempts may only require a username and password, while high-risk attempts may require additional authentication factors such as biometrics or a one-time password.
4. Implement RBA: Implement the RBA system within your authentication process. This may involve integrating with an RBA solution provider or developing your own custom solution.
5. Test and Refine: Test the RBA system and refine the risk factors and authentication requirements as needed. Regularly reviewing and refining the RBA system will help to ensure that it remains effective and relevant over time.
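A minimal scoring engine that carries steps 1 through 3 into code, as an added example (not from the post or from any RBA vendor): each contextual factor carries a weight, the total is mapped onto a risk level, and the level selects the authentication factors required. The weights, thresholds, user baseline and the 203.0.113.0/24 "corporate" range are constructed placeholders; step 5 is where a real deployment tunes them.

```python
import ipaddress
from dataclasses import dataclass
# Step 3: authentication factors required at each risk level.
REQUIREMENTS = {
    "low": ("password",),
    "medium": ("password", "otp"),
    "high": ("password", "otp", "biometric"),
}

@dataclass
class UserHistory:
    known_devices: set       # device identifiers seen on past successful logins
    usual_countries: set     # countries this user normally signs in from
    trusted_networks: list   # CIDR strings; sample values used with this are constructed
    usual_hours: range       # local hours in which this user normally signs in

@dataclass
class LoginAttempt:
    device_id: str
    country: str
    ip: str
    hour: int

def risk_score(attempt, history):
    """Step 1: weighted contextual risk factors. Returns (score, names of factors that fired)."""
    ip = ipaddress.ip_address(attempt.ip)
    factors = [
        ("unknown device", 40, attempt.device_id not in history.known_devices),
        ("unusual country", 30, attempt.country not in history.usual_countries),
        ("untrusted network", 20,
         not any(ip in ipaddress.ip_network(cidr) for cidr in history.trusted_networks)),
        ("unusual hour", 10, attempt.hour not in history.usual_hours),
    ]
    score = sum(weight for _, weight, fired in factors if fired)
    return score, [name for name, _, fired in factors if fired]

def risk_level(score):
    """Step 2: thresholds mapping a score onto a risk level (tuned in step 5)."""
    if score >= 60:
        return "high"
    if score >= 20:
        return "medium"
    return "low"

def authentication_requirements(attempt, history):
    """Steps 1-3 combined: the factors this particular login attempt must satisfy."""
    score, fired = risk_score(attempt, history)
    level = risk_level(score)
    return level, REQUIREMENTS[level], fired
```

Returning the list of factors that fired alongside the decision is what lets you audit and refine the rules in step 5, and it also gives the help desk something to explain when a user asks why they were stepped up.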
Implementing RBA can help to improve security while also reducing user friction. By tailoring the authentication process to the level of risk associated with each login attempt, organizations can provide stronger security for high-risk scenarios while also reducing the burden on users for low-risk scenarios.
There are many risk-based authentication (RBA) solution providers in the market. Among them are:
1. Okta Adaptive MFA: Okta Adaptive MFA is an RBA solution that leverages contextual data to determine the level of risk associated with a login attempt. The system then adapts the authentication requirements accordingly, requiring additional factors for high-risk scenarios and fewer factors for low-risk scenarios.
2. RSA Adaptive Authentication: RSA Adaptive Authentication is an RBA solution that uses a combination of behavioral biometrics, device intelligence, and machine learning to assess the risk of a login attempt. The system then adjusts the authentication requirements accordingly.
3. IBM Security Verify Access: IBM Security Verify Access is an RBA solution that uses contextual data to determine the level of risk associated with a login attempt. The system then adapts the authentication requirements based on the risk level, using a range of authentication factors, including biometrics, one-time passwords, and push notifications.
4. Duo Security: Duo Security is an RBA solution that uses a range of contextual data, including device type, IP address, and user behavior patterns, to assess the risk of a login attempt. The system then adapts the authentication requirements accordingly, using a range of factors such as biometrics, SMS messages, or phone callbacks.
5. OneLogin Adaptive Authentication: OneLogin Adaptive Authentication is an RBA solution that uses machine learning algorithms to analyze a range of contextual data, including device information, location, and user behavior patterns. The system then adapts the authentication requirements based on the risk level, using a range of authentication factors, including biometrics, one-time passwords, and push notifications.
These are just a few examples of the many RBA solution providers in the market. When selecting an RBA solution, it’s important to consider factors such as the specific authentication requirements needed, the level of risk associated with your organization’s login attempts, and the level of integration and customization required.
EIC presentation
PowerPoint presentation example
Happy Festivus
Hello world!
Welcome to David’s Mood. Here you’ll find my musings about technology, sport, politics, and culture. Enjoy!
Mastodon: https://ioc.exchange/@dak3