Blog

Lessons about Logins from the JP Morgan Breach

JP Morgan is another example of a company that was able to detect and clear out its compromised system without a third party notifying it of suspicious activity. The infiltration lasted two months, from mid-June to mid-August of this year. It was their own internal investigations that led them to the discovery of a customized piece of malware that was leeching gigabytes of data, which was routed through multiple countries before ending up in a large Russian city. While JP

Increase E-Commerce Profits using Risk Based Authentication

Most websites use the combination of usernames and passwords. Both are items that a user knows. Asking “what street did I grow up on” is just asking for more things that a user knows; firms that do this are just implementing more KBAs.

Economics of Authentication

To use some basic economics, the addition of the password as opposed to not requiring validation has a huge marginal benefit to the company. Implementing a second, and third and fourth has an ever decreasing

4 Big Problems with Knowledge Based Authentication

Let’s look at the traditional method of knowledge-based authentication to understand its shortfalls.

Background

Since the dawn of the web, online account authentication has barely changed. A user would input their username (email or screen name) and follow up with a password. This is the foundation of knowledge-based authentication (KBA). For companies that aim to appear more secure, it isn’t uncommon for them to use knowledge-based authentication questions in addition to your password. I bank with two different bank accounts;

What is Risk Based Authentication? (KBA)

The risk-based authentication process applies varying levels of strictness to the authentication process based on the probability that a given application can be compromised. The authentication process becomes restrictive and casts a wider net based on the increase in risk.

Understanding the Types of Authentication

Authentication methods are usually grouped into a few different factors.

1. Ownership Factors

Bank cards, security tokens, mobile phone. Physical objects which a user is required to be in possession of. The risks to these types
