FIDO2

Yikes, YubiKey Vulnerable — ‘EUCLEAK’ FIDO FAIL?
Richi Jennings | | CVE-2024-45678, ECDSA, EUCLEAK, FIDO, FIDO2, Infineon, Passkeys, SB Blogwatch, YSA-2024-03, Yubikey
USB MFA SCA😱: Infineon hardware and software blamed for timing side-channel attack on popular auth tokens ...
Security Boulevard

Google Pushes ‘Passkeys’ Plan — but it’s Too Soon for Mass Rollout
Richi Jennings | | 2 factor auth, 2-fa authentication, 2-factor authentication, 2fa, 2FA Authenticator, 2FA/MFA, advanced authentication, auth, Authentication, biometric, biometric authentication, biometric identification, biometric security, biometrics, biometrics authentication, Biometrics-Based Authentication, FIDO, FIDO Alliance, FIDO2, google, MFA, MFA rollout, Multi-Factor Authentication (MFA), Passkeys, passwordless, passwordless login, passwordless-authentication, PKI-based passwordless authentication, SB Blogwatch, two-factor-authentication.2fa, WebAuthn
FIDO FAIL: “Killing passwords” is a worthy goal—but is coercion the best way? ...
Security Boulevard

Gmail Adds Extra Checks, Thwarting Sneaky Hackers
Richi Jennings | | 2-factor authentication, 2fa, 2FA/MFA, FIDO, FIDO2, Gmail, google, Google Workspace, MFA, Multi-Factor Authentication (MFA), Passkeys, SB Blogwatch, TOTP, WebAuthn
Sensitive actions such as forwarding to be protected by extra 2FA step ...
Security Boulevard

Importance of CJIS Compliance
If your organization has access to sensitive data from government agencies, you will most likely have to adhere to the Criminal Justice Information Services (CJIS) compliance requirements. In this context, sensitive data, ...

Reddit Hacked — 2FA is no Phishing Phix
Richi Jennings | | 2fa, 2FA phishing, 2FA/MFA, FIDO2, MFA, Phishing, reddit, Reddit breach, SB Blogwatch, spear fishing, TOTP, WebAuthn
Reddit got hacked with a “sophisticated” spear phishing attack. The individual victim was an employee who clicked the wrong email link ...
Security Boulevard

0ktapus/‘Scatter Swine’ Hacking Gang Stole 10,000 Corp Logins via Twilio
Richi Jennings | | 0ktapus, 2fa, Authy, FIDO, FIDO2, Look at them evil bogeymen rampaging through our poor downtrodden networks, Okta, Phishing, SB Blogwatch, Scatter Swine, smishing, Twilio, WebAuthn
More on the Twilio débâcle from earlier this month: Researchers reveal the hackers swiped at least 9,931 user credentials from more than 130 organizations ...
Security Boulevard

Bad Dog—Everyone HATES This FIDO Passwordless Idea
Richi Jennings | | Authentication, FIDO Alliance, FIDO2, It seems like the the FIDO Alliance came up with a dog of a solution, passwordless, Privacy, SB Blogwatch, WebAuthn
Behold! The next steps to passwordless nirvana. But will FIDO2-WebAuthn let “privacy invading megacorps” profit from your private data? ...
Security Boulevard

Why FIDO2 Is the Answer to Better Security
A groundbreaking increase in security incidents is affecting governments around the world. In light of this, the United States issued a formal order to implement a robust set of security measures designed ...

Is MFA a Security Illusion?
A recent Akamai Security blog post, Massive Campaign Targeting UK Banks Bypassing 2FA, written by my colleague Or Katz, is a great insight into how attackers used very simple techniques to bypass ...

4 Tips for End-to-end Passwordless Authentication for Hybrid Deployments
RSA Blog | | Authentication, breaches, FIDO, FIDO2, Hybrid Access Solutions, Man In The Middle, OTP, passwordless, Phishing
Most applications are still protected only by passwords that are prone to man-in-the-middle and phishing attacks, increased operational costs, and user frustration. Today, organizations are looking to implement security practices that eliminate ...