
Rewterz Informative Update: Ransomware Impacting Pipeline Operations

Severity

High

Overview

CISA reports a recent cyber-attack that affected control and communication assets on the operational technology (OT) network of a natural gas compression facility. A cyber threat actor used a Spearphishing Link to obtain initial access to the organization’s information technology (IT) network before proceeding to its OT network. The threat actor then deployed commodity ransomware to encrypt data on both IT and OT networks.

Impact

Specific assets experienced a Loss of Availability on the OT network. These included human machine interfaces (HMIs), data historians, and polling servers. Impacted assets were no longer able to read and aggregate real-time operational data reported from low-level OT devices, resulting in a partial Loss of View for human operators. The attack did not impact any programmable logic controllers (PLCs) and the victim did not lose control of operations. Operational shutdown had to be implemented.

Response

A deliberate and controlled shutdown of operations had to be implemented for two days because the victim’s emergency response plan did not accommodate cyber-security. Meanwhile, the victim endured a Loss of Productivity and Revenue, which usually happens when adversaries cause disruption and even damage to the availability and integrity of control system operations, devices, and related processes. Normal operations resumed afterwards.

Attack Summary

The victim failed to implement robust segmentation between the IT and OT networks, which allowed the adversary to traverse the IT-OT boundary and disable assets on both networks. The threat actor used commodity ransomware to compromise Windows-based assets on both the IT and OT networks. Because the attack was limited to Windows-based systems, PLCs responsible for directly reading and manipulating physical processes at the facility were not impacted. The victim was able to obtain replacement equipment and load last-known-good configurations to facilitate the recovery process. All OT assets directly impacted by the attack were limited to a single geographic facility.

Although only one geographical control facility was affected, other geographically distinct compression facilities also had to halt operations due to pipeline transmission dependencies. This resulted in an operational shutdown of the entire pipeline asset lasting approximately two days. The victim attributes its failure to adequately incorporate cyber-security into emergency response planning to gaps in its cyber-security knowledge.

Remediation

CISA recommends the following mitigations to avoid and handle cyber attacks on operational control devices and networks.

Technical and Architectural Mitigations

  • Implement and ensure robust Network Segmentation between IT and OT networks to prevent a cyber attack from spreading from the IT network to the OT network. A demilitarized zone (DMZ) should regulate all communication between the IT and OT networks.
  • Organize OT assets into logical zones by taking into account criticality, consequence, and operational necessity. Define acceptable communication conduits between the zones and deploy security controls to Filter Network Traffic and monitor communications between zones. Prohibit Industrial Control System (ICS) protocols from traversing the IT network.
  • Require Multi-Factor Authentication to remotely access the OT and IT networks from external sources.
  • Implement regular Data Backup procedures isolated from network connections, on both the IT and OT networks.
  • Revise account management policies to ensure that user and process accounts are limited through Account Use Policies, User Account Control, and Privileged Account Management. Organize access rights based on the principles of least privilege and separation of duties.
  • Enable strong spam filters to prevent phishing emails from reaching end users. Implement a User Training program to discourage users from visiting malicious websites or opening malicious attachments. Filter emails containing executable files from reaching end users.
  • Filter Network Traffic to prohibit ingress and egress communications with known malicious Internet Protocol (IP) addresses. Prevent users from accessing malicious websites using Uniform Resource Locator (URL) blacklists and/or whitelists.
  • Update Software including operating systems, applications, and firmware on IT network assets. Use a risk-based assessment strategy to determine which OT network assets and zones should participate in the patch management program. Consider using a centralized patch management system.
  • Set Antivirus/Antimalware programs to conduct regular scans of IT network assets using up-to-date signatures. Use a risk-based asset inventory strategy to determine how OT network assets are identified and evaluated for the presence of malware.
  • Implement Execution Prevention by disabling macro scripts from Microsoft Office files transmitted via email and consider using Office Viewer software to open them.
  • Implement Execution Prevention via application whitelisting, which only allows systems to execute programs known and permitted by security policy.
  • Implement software restriction policies (SRPs) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.
  • Restrict Remote Desktop Protocol (RDP) to limit access to resources over the network. If RDP is operationally necessary, restrict the originating sources and require Multi-Factor Authentication.
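
The segmentation mitigations above (all IT-OT communication goes through the DMZ, and ICS protocols never traverse the IT network) can be checked against flow records. The following Python sketch is an added example, not part of the CISA advisory; the address plan, the list of ICS ports and the flow records are assumptions constructed for illustration.

```python
import ipaddress

# Assumed address plan, constructed for this example.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("10.30.0.0/16"),
}

# Default TCP ports of common ICS protocols.
ICS_PORTS = {
    102: "S7comm",
    502: "Modbus/TCP",
    20000: "DNP3",
    44818: "EtherNet/IP",
}

# Constructed flow records: source IP, destination IP, destination TCP port.
SAMPLE_FLOWS = """\
10.10.4.21,10.20.0.5,443
10.20.0.5,10.30.1.10,443
10.10.4.21,10.30.1.10,3389
10.10.7.8,10.10.9.9,502
10.30.1.10,10.30.2.20,502
10.10.4.21,10.30.1.10,44818
"""


def zone_of(addr):
    """Map an IP address to its zone name, or EXTERNAL if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "EXTERNAL"


def audit_flow(src, dst, dport):
    """Return the segmentation-policy findings for one flow (empty if compliant)."""
    findings = []
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    zones = {src_zone, dst_zone}
    # Rule 1: IT and OT never talk directly; the DMZ brokers all communication.
    if zones == {"IT", "OT"}:
        findings.append(f"{src_zone}->{dst_zone} flow bypasses the DMZ")
    # Rule 2: ICS protocols must not appear on the IT network at all.
    if dport in ICS_PORTS and "IT" in zones:
        findings.append(f"{ICS_PORTS[dport]} seen on the IT network")
    return findings


def audit_flows(text):
    """Audit CSV flow records; return (line_number, record, findings) per violation."""
    violations = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        src, dst, dport = line.split(",")
        findings = audit_flow(src, dst, int(dport))
        if findings:
            violations.append((line_no, line, findings))
    return violations


if __name__ == "__main__":
    for line_no, record, findings in audit_flows(SAMPLE_FLOWS):
        print(f"line {line_no}: {record}: {'; '.join(findings)}")
```

Run against exported firewall or NetFlow records, a non-empty result means the boundary described in the first two mitigations is not being enforced.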

Planning and Operational Mitigations

  • Accommodate all possible impacts of cyber attacks in the organization’s emergency response plan.
  • Implement response playbooks to identify criteria to distinguish between events requiring deliberate operational shutdown versus low-risk events that allow for operations to continue.
  • Exercise emergency failure drills and implement alternate control systems, including manual operation to enhance employees’ decision-making experience, while assuming degraded electronic communications. The lessons learned will enhance emergency response playbooks.
  • Identify single points of failure (technical and human) for operational visibility and response planning.
  • Implement segregated communication capabilities between geographically separated facilities.
  • Recognize the physical risks that cyberattacks pose to safety and integrate cybersecurity into the organization’s safety training program.
  • Ensure the organization’s security program and emergency response plan consider third parties with legitimate need for OT network access, including engineers and vendors.

Here’s how VPNs can be Exploited by Attackers

Overview

It is generally believed that data transfers are safest over a VPN connection. However, here is some bad news: VPNs too are vulnerable and can be hacked and used to cause you harm. Earlier this week, vulnerabilities in VPN servers were exploited by nation-state attackers. Hence, although they make network communication more secure, VPNs too demand their due share of attention from time to time.

Weak Encryption

  • If you’re using a VPN employing an older, breakable encryption algorithm, a data breach surprise just might be on its way to you. Weak encryption alone is enough to lower your guard against attackers, let alone the powerful brute-force capabilities of approaching quantum computing.
  • Many encryption algorithms have now been discarded or marked as unsafe and vulnerable, including DES, 3DES, SHA-1 and RSA (with small keys); they either have algorithmic flaws or are susceptible to brute-force methods.
  • Some other products use proprietary encryption methods that promise super-double-plus ninja-grade security but lack proof for their claims.

Use VPNs that reportedly utilize known-good encryption algorithms such as AES, elliptic-curve Diffie-Hellman (ECDH), SHA-256 (or greater), or RSA with a 1536- or 2048-bit key. Also make sure that a strong encryption algorithm is not wrecked by a poor implementation.

Vulnerable Key-Handling

All VPNs rely on encryption keys to do their security job, so key handling is critical. For example, in a demonstration at Black Hat USA 2019, researchers Orange Tsai and Meh Chang showed that a vulnerability in a Palo Alto Networks SSL VPN exposed a hard-coded password for the encryption key. This undoubtedly makes the vulnerability much worse. Vulnerabilities that lead to hard-coded encryption keys being stored insecurely are very dangerous and severe. Unfortunately, organizations can do little more than patch the vulnerabilities promptly.

Authentication Bypass

Even if your VPN uses impenetrable encryption, authentication can be another major gateway for criminals. When a vulnerability in the VPN allows a threat actor to access critical assets behind the VPN without user authentication, resources will end up in the hands of criminals.

For instance, in April Pulse Secure announced a set of vulnerabilities in its Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products. Some of these allowed an attacker to use a specific URI as part of an HTTPS request to gain access to arbitrary files on the destination network. The vulnerability has already been patched, but users who are unaware of it and have not applied patches are likely to be in for bad news. Moreover, the flaw does not draw attention to itself. Users have to seek out the updates proactively to apply timely patches.

Weak Protocols

The majority of VPNs use five protocols. The strength of a VPN can be evaluated by the strength of its protocol.

  • In the mid-1990s, PPTP (Point-to-Point Tunneling Protocol) was developed and placed into service. Although very fast, more than two decades later it is now considered insecure.
  • Likewise, another old protocol, L2TP, is quick to establish a tunnel but surprisingly offers no encryption at all. Therefore it cannot ensure protection independent of an encryption protocol.
  • IKEv2, Cisco and Microsoft’s contribution to the list of VPN protocols, is a newer protocol often used together with IPSec. Although often used in mobile communications because it can handle brief interruptions in the connection, IKEv2 is no longer a promising protocol. The reason is Edward Snowden’s warning that the NSA has learned to break its encryption.

While experts consider these three protocols damaged, there are few choices left.

  • Security engineers say that OpenVPN is currently the best available protocol. Although fast and secure, it is complex to set up as a “raw” protocol for in-house employees.
  • WireGuard is another protocol waving from the future, but currently it is not complete.

Free VPNs

Even if an organization keeps track of all available patches and uses the best encryption and protocols, there may be other VPNs being used by their employees that aren’t secure. They may be using VPNs from remote work locations which are apparently free, but are meant to track their online moves. The VPN providers in collaboration with advertising networks often offer these free products to track users online. While advertisements may be bearable, VPN mentor reports that free VPNs are also being used to deploy malware. They may also feed on your bandwidth or overall data per month. Hence, it is best to use VPNs that are secure and are purchased by the organization itself.

Single-Layer Protection

Apart from tunneling encrypted network communication, VPNs serve other functions too. A VPN should mask the end user’s IP address to make tracking more difficult, and should limit the possibility of long-duration campaigns. In addition, a VPN may also offer blacklist URL protection (warning against malicious websites).

A VPN provided by the organization ensures that communication between the employee and the enterprise network takes place in an encrypted tunnel. From there on, the organization’s security infrastructure will take over. Third-party VPNs, if used, must be verified to be as secure as the one provided by the company.

Weaponized HTTPS

One of the basic tools of safe remote computing, HTTPS, is being used by criminals as a gateway to cover up their malicious activities. Although this protocol safely carries legitimate traffic, a specially crafted HTTPS request can be used to bypass authentication as a key step in allowing data to be taken from the network. As free certificate authorities rise, the green lock is no longer a definite security indicator.

It is crucial to monitor and patch vulnerabilities in the tools that you are using, in order to maintain a healthy and secure usage of VPN. Moreover, monitoring traffic from new sources is also essential to avoid security risks.

Remediation

  • Use VPNs that utilize the latest strong encryption algorithms.
  • Keep all tools updated to the latest patched versions.
  • Ensure secure key-handling.
  • Use the IKEv2 protocol along with IPSec.
  • Avoid using VPNs with single-layer protection.
  • Only use recommended and known VPNs and avoid using open source or free VPNs at all costs.

Outdated OS gets ATMs Hacked within minutes

While bank customers have blind faith in the technologically advanced machine called the ATM, its cyber security measures have shocking lapses and loopholes in most cases. 5 years after the support for Windows XP was withdrawn, numerous ATMs are still running on Windows XP, exposing them to various vulnerabilities and attacks. These ATMs running on end-of-life operating systems are the most attractive cash machines for hackers, each one ready to spit out about $200,000 in cash. It is surprising that ATM operators have still not discarded such insecure ATMs running an old operating system on archaic components.


Security Risks for ATMs running on outdated OS

While insecure network communication between the bank and the ATM machines is reportedly a major security risk, and encryption of this communication is very important to keep intruders out and to avoid its manipulation, end-of-life systems are an even bigger problem.

Why is Windows XP a major threat?

Released in 2001, Windows XP is now archaic. Microsoft ended support for this OS in 2014 and stopped releasing anti-malware patches for it on July 14th, 2015, so it no longer receives security patches and updates. Hence, ATMs running it are vulnerable to network or local access attacks. Consequently, even small groups of criminals could communicate to install code, avoid the ATM’s built-in defense mechanisms, and avoid detection on the transaction log. By exploiting the vulnerabilities and executing remote code, attackers can carry out fraudulent transactions within moments.

  • Many researchers have demonstrated successful network spoofing attacks and black box attacks on such ATMs running on outdated OS.
  • Another issue is that banks tend to use the same configuration on a large number of ATMs, allowing for mass replication of a single successful attack on one ATM machine.
  • Moreover, these EOL systems can only be patched manually and it is practically impossible for a bank’s IT professionals to visit the machines, branch-by-branch, one-by-one, to apply Microsoft’s Windows XP for Embedded Systems’ security patches.
  • Additionally, many ATMs running XPe (embedded Windows XP) may not be using Enhanced Write Filter. EWF is designed to prevent malware from executing onto a drive and corrupting files. While running EWF is always optional in XPe, it also has its own patches that need to be managed.

Why is Windows 7 a threat?

ATMs using Windows 7 also face an approaching security risk. Just like Windows XP, Windows 7 is also being discarded by Microsoft and its support ceases on January 14th, 2020. Within 4 months, ATMs running on Windows 7 will also be exposed to cyber attacks. ATM system operators need to prioritize migration of ATMs from outdated OS to the latest OS available. However, the hardware and software migration will be costly and will take about six months to complete. This update therefore demands immediate attention and prioritizing.

What ATM operators can do

  • Revise your current ATM network, shut down outdated machines and replace them with new solutions in the market, such as virtual ATMs.
  • Migrate your ATM OS to the latest version of Windows 10 or Linux.
  • In addition, many hardware platforms internal to current ATMs are too old to be supported by the more current Windows 10. As a result, many ATM operators such as banks will need to replace their hardware components with newer solutions to run on a newer OS.

Although an operating system migration and a computer platform upgrade together may prove very costly for all deployments of ATM machines, these steps are crucial to avoid millions being cashed out fraudulently by hackers. In addition, these ATMs are connected to a bank’s centralized electronic banking systems in order to operate, thereby camouflaging the security risk that could cost trillions.


5 Cyber Security Measures to Avoid Getting Hacked

Cyber security is a continuous evolutionary process as new threats arise every day. Apart from advanced security measures, it is advised to take the following basic steps to minimize cyber security risk.

1. Implement 2FA

Hackers and phishers can acquire passwords from third-party data breaches or through successful credential theft using phishing. The first half of 2019 has also seen many password spraying attacks, as well as DNS hijacking campaigns, that can be minimized by enabling Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA). 2FA demands an additional authentication along with a password in order to access an account, thereby providing an additional layer of security.

To implement 2FA, users need to provide an accessible contact like a phone number or an email, so that a special code is sent to that contact each time a login attempt is made. Users can access their accounts by providing that additional code. Many major platforms offer enabling 2FA to verify before each login that the legitimate authorized account holder is making the login attempt. In case an unauthorized login attempt is made, not only is it prevented but also the user is notified by the generation of code that someone is trying to access their account.

2. Use Secured Wi-Fi Network

Unsecured Wi-Fi networks are a great security risk. They are often exploited by attackers to enter target environments. Users should protect and encrypt their Wi-Fi networks to avoid having any intruders scan through their machines. A few encryption options are available that ensure that your Wi-Fi is publicly inaccessible. Wi-Fi Protected Access 3 (or WPA3), for instance, can be set up on new routers by visiting the administrator’s page for your router. This is accessed by typing your router’s IP address in the URL field of your web browser. The most common ones are 192.168.1.1, 192.168.0.1 or 192.168.2.1.

Once inside the router’s menu, there is a section under “Wireless” or “Security” that contains your system’s encryption settings along with some options, including WPA3. If WPA3 is not available then WPA2 is the best option to choose. If your encryption is previously set as WEP or WPA (older standard for older routers), it is advised to change it to WPA2.

After selecting an option, instructions appear for creating an appropriate password. Once it is created, your Wi-Fi network is secured! In case no option is available, go to the router’s settings and update the firmware so your device is as safe as possible. However, do not leave your encryption status set to “Open”, which means there is no encryption enabled on your Wi-Fi network.


3. Keep Passwords Secure

Do not leave passwords hanging around places where they can be accessed. It is always best practice to use separate passwords for each platform. Repetition of passwords is strongly discouraged by security experts. Moreover, the passwords can be stored on a password storing app, which keeps them safe for you and saves you from the trouble of remembering each password. Make sure the app you use is up to the standards of cyber security and recognized by security experts. 


4. Ensure Device Protection

Always keep an anti-malware program with updated signatures installed on your computer. More importantly, make sure it is compatible with your device and has the essential features that you need. Most PCs are shipped with a pre-installed compatible anti-malware program called Windows Defender, which is Microsoft’s internally developed anti-malware application. Apart from thoroughly scanning your device for harmful software, Windows Defender is also the first to receive updates, latest signatures and zero-day defenses directly from Microsoft’s own cyber-security labs.

However, downloading the software is not enough. You also need to keep your computer and all software updated. Keeping Windows updated to the latest version will also keep Windows Defender up to date, which means your device will be protected against malware currently circulating in cyberspace. Also make sure to scan your device frequently and resolve all detected threats and issues.

5. Implement Timely Patching

Software updates are recommended not because they add the latest features to your system, but because these updates usually include security patches for vulnerabilities, bugs and zero-day exploits found in the software. These patches fix the critically dangerous bugs that may otherwise serve as entry points for hackers. Besides, many critical security flaws have no other solutions than implementing timely patching. Although new system updates are announced with notifications, still it is recommended to keep an eye out for these security updates and apply them as soon as possible.

Having applied the above-mentioned steps it is also recommended that users should enable an additional layer of protection i.e. Virtual Private Network (VPN). Using a VPN, your internet browsing is made anonymous and your internet connection is shielded from cybercriminals and hackers.


Next Generation of Insider Threats

Overview

Sophisticated cybercrimes are not originating from the outside world alone. There are threat actors within your environment too, who are also becoming tech savvy. After basic internal threats and deliberate attacks by disgruntled employees, there is a greater security risk from tech savvy employees.

Insiders in fact have many advantages over outside attackers.

How Do Insiders Evade Detection?

Using the following techniques, insider threats can prove fatal for an organization without raising alarms.

  • Insiders do not need to conduct reconnaissance before launching an insider attack. Therefore, internal attackers have the advantage of evading possible detection by the IT security team during reconnaissance.
  • They also have the advantage of knowledge. They know where the treasure is, so they do not have to conduct messy searches of network and file systems in order to locate confidential information and credit card details of their target employees.
  • Another advantage insiders enjoy is that they do not have to download detectable malware in the environment. They can access systems without fetching external malware or contacting remote C2 servers, which could have been detected by the security systems in place.
  • Insiders can leverage multiple shadow accounts, either fake or borrowed legitimate accounts, to disperse chunks of their activities and avoid crossing the threshold limit set on automated detectors, thereby avoiding raising suspicion.
  • Insiders can also persistently locate key sellable corporate information by utilizing as much time as needed. They can access this shortlisted information and steal or sell it without raising an eyebrow.

Hence, insiders can avoid possible detection by noisy reconnaissance, malware, and hyperactivity.
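
The shadow-account technique in the list above defeats any detector that only counts per account. The following Python sketch is an added example, not from the original article: it aggregates the same activity by source workstation as well, so that several accounts that each stay under the limit are still flagged together. The threshold, account names, host names and log records are assumptions constructed for illustration, and it presumes the access log records which host each session came from.

```python
from collections import defaultdict

PER_ACCOUNT_LIMIT = 500  # assumed daily limit on records read by one account

# Constructed one-day access log: (account, source_host, records_read).
EVENTS = [
    ("jsmith", "WS-014", 120),
    ("akhan", "WS-022", 480),
    ("svc_report", "WS-031", 450),
    ("jdoe_tmp", "WS-031", 430),
    ("mlee", "WS-031", 410),
    ("jsmith", "WS-014", 90),
    ("bulk_etl", "SRV-002", 900),
]


def per_account_alerts(events, limit=PER_ACCOUNT_LIMIT):
    """Classic detector: accounts whose own daily total exceeds the limit."""
    totals = defaultdict(int)
    for account, _host, count in events:
        totals[account] += count
    return sorted(a for a, total in totals.items() if total > limit)


def per_source_alerts(events, limit=PER_ACCOUNT_LIMIT, min_accounts=2):
    """Hosts where several accounts together exceed the limit.

    Catches activity that was split across accounts so that no single
    account crosses the per-account threshold.
    """
    by_host = defaultdict(lambda: defaultdict(int))
    for account, host, count in events:
        by_host[host][account] += count
    alerts = {}
    for host, accounts in by_host.items():
        total = sum(accounts.values())
        if len(accounts) >= min_accounts and total > limit:
            alerts[host] = {"total": total, "accounts": sorted(accounts)}
    return alerts


if __name__ == "__main__":
    print("per-account alerts:", per_account_alerts(EVENTS))
    for host, info in per_source_alerts(EVENTS).items():
        print(f"{host}: {info['total']} records via {', '.join(info['accounts'])}")
```

In the constructed log, the per-account rule sees only the bulk job, while the per-source rule surfaces the three accounts used from one workstation.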

Special Privileges and Stealthy Internal Hacking

Usually, employees are given more privileges than are necessary for the fulfilment of their jobs, just to ensure convenience. In addition to these excessive privileges, oftentimes the internal access controls are misconfigured, making the corporation’s secret and confidential information accessible to employees. Neglecting the loopholes in the configuration of internal access controls is a bigger mistake than most executives will consider it to be.

Since insider threats are on the rise, not only should information be secured from outsiders, but also from the insiders who are not concerned with the information.

By acquiring admin-level privileges, insiders can carry out stealthy internal hacking. Edward Snowden’s elevation of system privileges is an example: he used it to craft special digital keys to disguise his activity. When he accessed the confidential information, it appeared as if another user was accessing it. He went as far as deleting system logs to avoid trails and used encryption software so that security-monitoring systems could not detect the data theft.


Exploitation of Privileges

  • Excessive permissions given to employees with specialized duties can be exploited. Networking staff appointed for traffic analysis, or database administrators who access data for backups, for example, can exfiltrate available information.
  • Oftentimes, executives will not bother to refine custom privileges of employees, and will provide Domain Admin access as an alternative, thereby granting employees a super-user status.
  • Insiders can also exploit peer relationships to acquire passwords or access given to these special users.
  • These special users, like database admins and networking staff, may also use easy-to-guess passwords (sometimes as basic as ‘John1234’) to avoid forgetting them, which can be guessed by other employees.
  • A Verizon Data Breach Investigations Report stated that 15% of all breaches involved “malicious or inappropriate use of existing privileges.”

How to Defend from the Insider’s Threat

Reducing the cyber risk posed by insiders is a rising concern for organizations.

  • The first step should be identifying exploitable information, locating it, and limiting access to it to the fewest people possible. Many organizations fail at this first step and make the sensitive data available to all employees of the organization.
  • Implement custom privileges best suited for each employee’s job requirement. For employees involved with administrative work, use a least-privileged admin model. “Local admin” accounts can be created where administrative privileges are only granted on selected machines.
  • Analyze behavioral profiles of user accounts to identify sneaky behavior. Intrusion prevention systems may not be able to detect these behavioral anomalies, but there is software available that works on behavioral threat models.
  • Behavioral threat models can detect targeted noisy behavior. For example, if massive encryption is carried out using a user’s account, immediate alerts are sent to the IT staff to suspend that user account, which is potentially running ransomware.
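
A minimal form of the behavioral rule in the last item, as an added example that is not from the original article: a sliding-window count of distinct files modified per account, which fires when one account rewrites far more files in a minute than normal work would. The window length, the limit, the account names and the file events are assumptions constructed for illustration; a real deployment would read the events from file-server audit logs.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed observation window
MAX_MODIFIED_FILES = 20  # assumed limit on distinct files modified per window

# Constructed file events: (epoch_seconds, account, operation, path).
EVENTS = (
    # One account rewriting a file per second: ransomware-like burst.
    [(1000 + i, "tmiller", "write", f"/share/finance/doc{i}.xlsx") for i in range(30)]
    # Normal editing: many files over time, but only a few per minute.
    + [(1000 + 30 * i, "akhan", "write", f"/share/hr/file{i}.docx") for i in range(25)]
    # Backup job: high volume, but read-only, so it is not counted.
    + [(1000 + i, "backup_svc", "read", f"/share/finance/doc{i}.xlsx") for i in range(200)]
)


def detect_mass_modification(events, window=WINDOW_SECONDS, limit=MAX_MODIFIED_FILES):
    """Return {account: timestamp of first alert} for modification bursts.

    An account alerts when it has written or renamed more than `limit`
    distinct files within the last `window` seconds.
    """
    recent = defaultdict(deque)  # account -> (timestamp, path) inside the window
    alerts = {}
    for ts, account, op, path in sorted(events):
        if op not in ("write", "rename"):
            continue
        queue = recent[account]
        queue.append((ts, path))
        # Drop events that have aged out of the window.
        while queue and queue[0][0] <= ts - window:
            queue.popleft()
        distinct_files = {p for _, p in queue}
        if account not in alerts and len(distinct_files) > limit:
            alerts[account] = ts
    return alerts


if __name__ == "__main__":
    for account, ts in detect_mass_modification(EVENTS).items():
        print(f"ALERT t={ts}: suspend {account}, possible ransomware activity")
```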


In the end, it’s not easy to spot next generation insiders. Begin with the knowledge that insider threats are already there with the knowledge of key assets and location of sensitive data. Immediate actions should now be taken to limit access to key assets, tailor user’s privileges as per job requirements, monitor and analyze behaviors, and always have someone ready to immediately respond to alerts generated by behavioral threat models. 


Moving Ahead of Single-Step Password Authentication

Overview

Why are most Phishing campaigns designed to steal user credentials? Because credentials are the easiest key to entering an organization’s virtual premises, unnoticed. However, most users tend to believe that their password-protected systems are secure.

Account Compromises on Exponential Rise

Millions of passwords are compromised each day because cracking passwords is easier than launching sophisticated cyber-attacks. A website called HaveIBeenPwned tracks such compromised accounts where users can check if their accounts have been compromised. The website lists hundreds of millions of accounts that have been compromised in multiple breaches due to successful phishing attacks, or reuse of compromised passwords on other platforms. Below is an image of the website tracking latest breaches and compromises.

[Image: the HaveIBeenPwned website tracking the latest breaches and compromises]

Another way attackers can obtain passwords is by reviewing the password history of users and guessing the next password from the pattern the user follows. For example, a user may change their password to the date of birth of a family member every time they change a password. Attackers may explore the social media of targets as open source intelligence to acquire DOBs of other family members for the next password guesses for that user.

Why Single Factor Authentication is Dangerous

The image above shows that millions of accounts have been compromised in data breaches. As the cherry on the cake, most of these passwords are solely responsible for the security of their respective devices. Single factor authentication is a very outdated way of protecting your assets in this age of technology. Additionally, most users practice the habit of password reuse, i.e. they do not have unique passwords for every platform. They reuse the same passwords for multiple logins. Consequently, when the password is exposed or breached on one platform, it can be used to access all the other platforms where it is repeated.



Single factor authentication poses a huge threat to the security of an organization. Once a legitimate password is acquired, attackers can easily get inside an organization using the single sign-in process without raising any eyebrows. If this happens, all the best network security procedures will go down the drain and attackers will be strolling inside an organization without raising an alarm. Stats show that many attack types have been successful using simple technology because no other authentication had to be provided at the time of unauthorized login. It is due to the insufficiency of these single sign-in processes that business emails are often compromised and plain text protocols are exploited.

• Business Email Compromise 

Password breaches and insufficiency of authentication processes often compromise business accounts on massive scale for financial profits. Business Email Compromise has been a known profitable attack over the past few years. It was reported in July 2018 that attackers made more than $12 million through these attacks in less than five years. Once the password was acquired for these accounts, attackers were able to access them without difficulty.
 

• Legacy Protocols 

Single sign-in is also dangerous when organizations need to use plain text protocols, aka legacy protocols. Unfortunately, organizations are bound to use single sign-ins in some instances where they use simpler technologies such as the legacy protocol SMTP, because these were created in simpler times when multi-factor authentication wasn’t used. The bigger concern is that attackers are also aware of these limitations and are determined to suppress advanced protocols and authentication.
 

Single Sign-in brings borrowed Vulnerabilities

A paper by the SANS Institute states that organizations are now vulnerable to attacks due to factors other than their own security measures. While they continue to suffer from direct data breaches and spear phishing, they are also threatened by data breaches of third parties, which compromise these repeated passwords of users. Reused passwords aid attackers in targeting multiple platforms using one stolen credential.

Having retrieved one password from a breach, attackers are guaranteed to try the acquired password for accessing other organizations too. 

How to Avoid Security Weaknesses Caused by Single Password Authentications

In order to avoid the vulnerabilities and security weaknesses that come with single-step password authentication, users are advised to use available resources like multi-factor authentication and password-less authentication. These ensure that your entire security is not dependent on a password. Even if the password is leaked or breached, attackers will still be unable to access your device or system if you have enabled multi-factor or password-less authentication.

Utilizing Multi-factor Authentication

Multi-factor authentication includes a username and password combination along with one more proof of the user’s identity. It can be something that you have (a device that verifies the login attempt through a PIN code or link that it receives) or something that you are (biometric verification like a thumb print). There are other software-based MFA sources too, which work with smart devices like phones and laptops.

Most users avoid setting up multi-factor authentication because it involves an external device. Also, it’s a two-step authentication rather than one and it demands slightly more effort than single passwords. However, it’s about time that organizations start enforcing multi-factor authentication and spreading awareness against password reuse.


Password-less Authentication

There are hardware devices that allow for storage of encryption keys to verify user identity. Technological discoveries also enable websites to implement stronger and password-less authentication to strengthen the security chain as a whole. Examples of common password-less authentication are facial recognition, iris detection, or thumb print reading, also implemented in the latest mobile phones and notebooks. Advanced desktop systems also support facial recognition to verify the user’s identity.
 

Since password compromises are getting easier with advanced phishing techniques, organizations should discard single step sign-in, discourage password reuse and implement at least Multi-factor authentication to ensure their safety. Password-less authentication should also be used where feasible and available.


