Blog

The Full Story on Passwords

Every day, news breaks of yet another retailer or bank security breach that gives criminals access to customers' financial and personal information. Stolen credentials used to get stamped onto physical cards intended for fraudulent brick-and-mortar purchases, but chip-and-PIN cards and online retailers have changed the game. While a stolen credit card number still has a nominal value, there is a major shift underway as thieves come to understand the greater value of customer information such as usernames and passwords.

Lessons about Logins from the JP Morgan Breach

JP Morgan is another example of a company that was able to detect and clear out its compromised system without a third party notifying them of suspicious activity. The infiltration lasted two months, from mid-June to mid-August of this year. It was their own internal investigations that led them to the discovery of a customized piece of malware that was leeching gigabytes of data, which was routed through multiple countries before ending up in a large Russian city. While JP

Increase E-Commerce Profits using Risk Based Authentication

Most websites use the combination of usernames and passwords. Both are items that a user knows. Asking “what street did I grow up on” is just asking for more things that a user knows; firms that do this are just implementing more KBAs.

Economics of Authentication

To use some basic economics, the addition of the password, as opposed to not requiring validation, has a huge marginal benefit to the company. Implementing a second, and third and fourth has an ever decreasing

4 Big Problems with Knowledge Based Authentication

Let’s look at the traditional method of knowledge-based authentication to understand its shortfalls.

Background

Since the dawn of the web, online account authentication has barely changed. A user would input their username (email or screen name) and follow up with a password. This is the foundation of knowledge-based authentication (KBA). For companies that aim to appear more secure, it isn’t uncommon for them to use knowledge-based authentication questions in addition to your password. I bank with two different bank accounts;
