Strong-Auth Digest

Articles about the importance of strong authentication

FIDO specifications are designed to incorporate a full range of authentication technologies commonly seen in the industry. The year of 2015 witnesses a number of significant releases of support of FIDO specifications including Microsoft, NTT Docomo, Google, Bank of America, and GitHub. The National Institute of Standards and Technology (NIST) joined FIDO Alliance in June, 2015 and looked to become early adopters of new authentication solutions. National Cybersecurity Alliance and FIDO Alliance also held a seminar at Google's Washington, D.C. office last week to advance the communication between government and private sector leaders. White House authorities recognized that the United States is facing threats that are beyond cyber vandalism. The federal government also stated during the seminar that it is revising NIST's earlier iteration of SP 800-63 which is now considered not focused on actual solutions that are easy to deploy.

In view of increased attention on information security and demands on strong authentication, ISR is creating a news column on strong authentication. We will select a number of relevant topics and aggregate news about what is happening in the industry. The digests are meant to be informative yet we hope to present the opinion and insights.   In our last post, A Revolution in Authentication, we pointed out that the authentication process of opening an office door with a physical smartcard or key is seriously flawed since there was no identity verification. We suggested that this could be solved by

A simple to understand how-to guide has been published by Bill Snyder at CIO.com. Snyder provided a introduction of how services such as TeleSign and TurnOn2FA can help the consumer turn on two factor authentication for more than 200 websites and financial services.   For more information, refer to Snyder’s post: Two-factor authentication, and how it protects your passwords

The combined two step authentication method on smartphones, consisting of fingerprint user authentication followed by device authentication, is much more secure that present methods without sacrificing the user experience. The new authentication, having a better user experience and being more secure, has the potential to revolutionize the authentication in consumer services.

You go to mail.yahoo.com, enter your user name and press "continue." That's where everything changes. Instead of entering an annoyingly complex or easy-to-crack password, the company sends an alert to your smartphone and asks if you'd like to sign in. Hit "yes," and presto. If Yahoo's tech catches on, it means consumers could eventually live in a world without having to remember passwords. That's a big deal because most security experts agree passwords in general are unsafe.