Article posted: Mar 05, 2018

By Joakim Thorén, CEO

Recently, ECN published an opinion piece on why smartphones can do double duty to secure data and a user's identity. Certainly, the smartphone is a good tool for authentication, but relying on One-Time Passwords (OTPs) is not an ideal two-factor authentication method, because OTP authentication makes use of rather short computer-generated passwords. These passwords are often provided to the user with no authentication or only very weak authentication.

Article posted: Feb 27, 2018

By Anders Adolfsson, Technical Consultant

We've written about the dangers of One-Time Passwords (OTP) for use in two-factor authentication and applauded the National Institute of Standards and Technology's (NIST) stance on eliminating SMS-based OTPs. It seems we're not alone. FireEye recently blogged about the dangers of OTPs in phishing campaigns and how hackers are using real-time phishing in attacks on corporate websites.

Article posted: Dec 22, 2017

By Marcus Hartwig, Versasec GM Americas

As in every industry, it's imperative for government agencies to safeguard their data, and many agencies are extending their security requirements right down the line to their suppliers and contractors.

For example, new government regulations going int...

Article posted: Aug 30, 2017

By Marcus Hartwig, GM Americas

When I saw this headline in the Wall Street Journal recently, "T3rr1bl3 @dv1c3," I couldn't resist reading the article and sharing the regrets of one of the pioneers of secure passwords.

The article includes an interview with Bill Burr, a former manager at the National Institute of Standards and Technology (NIST), discussing how he'd come up with recommendations for secure passwords some 13 years ago. At the time, he says, he was tasked with providing recommendations on the best ways to keep passwords secure for a NIST special publication (800-63, Appendix A). He didn't have much time, so he invented his own rules, he says, putting together an 8-page guide.

Article posted: Mar 10, 2017

By Marcus Hartwig, GM Americas

Google's Nest thermostat and other consumer IoT devices are flooding the market. By 2020, Cisco predicts 50 billion IoT devices will be connected. Not surprisingly, security is a major concern for these connected devices. After all, no one likes the idea of hackers infiltrating smart devices, like DVRs or cameras, the very devices that were hacked to bring down DynDNS last October.

Article posted: Mar 01, 2017

By Marcus Hartwig, GM Americas

For more than 20 years, cryptographic hash functions like SHA-1 have played a major role in browser security, in managing code repositories, and even in detecting duplicate files in storage. SHA-1, or Secure Hash Algorithm 1, was designed by the United States National Security Agency and was published by the United States NIST. We applaud the recent collaboration between the CWI Institute in Amsterdam and Google, which has now shown SHA-1's many flaws and security weaknesses.

Article posted: Oct 12, 2016

By Marcus Hartwig, GM Americas

When the National Institute of Standards and Technology (NIST) declared over the summer that SMS-based, two-factor identification should be put into the scrap heap of history, lots of us in the industry breathed a sigh of relief.
