Category: Identity

July 26, 2016
NIST Plans to Drop SMS for Two-Factor Authentication
UPDATED–The move toward two-factor authentication and two-step verification for high-value services has been a positive one for user security, but many of those services use SMS as the channel for the second step in the authentication process, a method that the United States government is preparing to recommend against using. The National Institute of Standards and Technology…
Read More →
June 21, 2016
Google Simplifies Two-Step Verification
Google is changing the way that users of its Gmail and other apps use its two-step verification process, making it easier for users to approve or deny new logins. Currently, users who have two-step verification enabled have to enter a short code from an app or use a hardware token in order to log in…
Read More →
June 20, 2016
Firefox Containers Allows For Separate Online Identities
Mozilla is testing a new feature in pre-release versions of its Firefox browser that enable users to employ multiple personas or identities in different contexts at the same time. The feature, known as Containers, is designed to help users separate their various personal, work, and other online activities. The new feature is currently in the Nightly…
Read More →
June 9, 2016
32 Million Twitter Credentials Dumped Online
A massive cache of credentials and email addresses associated with Twitter accounts has been posted for sale online, but Twitter officials say the information did not come from a breach of the company’s network. The database of more than 32 million passwords and email addresses–including many plaintext passwords–was offered for sale on an underground forum…
Read More →
June 6, 2016
Bulgarian Sentenced in $6 Million Tax Refund Scheme
The IRS and taxpayers themselves have been the targets of a wide range of attacks and scams for many years, most of which involve some variety of identity theft. The fraudsters behind these operations often go unpunished, but in a rare victory, the U.S. government has convicted and sentenced to nearly four years in prison a Bulgarian…
Read More →
June 1, 2016
Inside the Opsec Habits of Cybercriminals
The fight between attackers and security researchers often is portrayed as a kind of spy versus spy operation, with each side making moves and countermoves in order to stay undetected and continue operating. But while top-tier attackers pay close attention to the details and are adept at hiding their tracks, that doesn’t necessarily hold true for…
Read More →
May 26, 2016
Microsoft Hates Your Password
As stolen passwords and account information continue to flood the Internet, making life easier for lazy attackers, Microsoft is planning to roll out a new service on its Azure cloud platform that will prevent customers from using common passwords. The change is not just a requirement that users employ long or artificially complex passwords, but…
Read More →
May 24, 2016
Google Project Abacus Aims to Replace Passwords on Android
Within the next six months, all Android developers likely will have access to a Google API stemming from its Project Abacus that aims to replace the password with a multi-modal system as the primary authenticator for mobile users. The idea behind the system is two-fold: passwords are rapidly approaching uselessness; and biometric identifiers are now…
Read More →
May 23, 2016
FBI Wants Biometric Database Hidden From Privacy Act
The FBI is working to keep information contained in a key biometric database private and unavailable, even to people whose information is contained in the records. The database is known as the Next Generation Identification System, and it is an amalgamation of biometric records accumulated from people who have been through one of a number…
Read More →
May 19, 2016
Google Allo Brings Encryption, Auto-Deleted Messages
Google’s new Allo messaging app is less than a day old, but it already has attracted a lot of attention from the security and privacy communities, thanks to its inclusion of end-to-end encryption and disappearing messages. Not all of the attention has been positive, however. Allo is a combination app that includes typical chat capabilities…
Read More →