#FIDO2

T-Mobile US CSO: Spies jumped from one telco to another in a way ‘I’ve not seen in my career’

by

December 4, 2024 at 07:58PM T-Mobile US swiftly thwarted cyber-espionage attempts by a Chinese-backed group, Salt Typhoon, which compromised a connected network but accessed none of T-Mo’s sensitive customer data. T-Mobile emphasized its layered defenses and the use of advanced authentication methods to prevent further intrusions. US officials recommend strong encryption for communications. **Meeting Takeaways:** … Read more

Google Targets Passkey Support to High-Risk Execs, Civil Society

by

July 10, 2024 at 06:05AM Google is extending the Advanced Protection Program (APP) by adding support for passkeys in an effort to enhance online account security for high-risk individuals. Passkeys, a virtual form of the FIDO2 hardware security key scheme, provide a more secure method of authentication and can help thwart phishing and adversary-in-the-middle attacks. … Read more

AWS is pushing ahead with MFA for privileged accounts. What that means for you …

by

June 17, 2024 at 07:30AM Amazon Web Services (AWS) is making multi-factor authentication (MFA) mandatory for specific users, starting with privileged users in 2024. This change is being gradually implemented, aiming to enhance security against credential-based attacks. Additionally, AWS introduced FIDO2 passkey support, enabling customers to use biometrics or device PINs for MFA across various … Read more

AWS adds passkeys support, warns root users must enable MFA

by

June 12, 2024 at 03:43PM AWS has launched FIDO2 passkeys for multi-factor authentication, boosting account security. These passkeys use public key cryptography and resist phishing attacks. Amazon encourages users to adopt MFA, planning to make it mandatory for root account users by July 2024. The company is committed to enhancing MFA adoption via CISA’s Secure … Read more

Google Simplifies 2-Factor Authentication Setup (It’s More Important Than Ever)

by

May 7, 2024 at 06:36AM Google has simplified the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. The update includes a new two-step method and removal of the need for less secure SMS-based authentication. Additionally, users can now disable 2FA without having their enrolled second steps automatically removed. Meeting Notes … Read more

Selecting the Right Authentication Protocol for Your Business

by

April 10, 2024 at 04:24PM Authentication protocols are essential for online security, allowing users to securely confirm their identities and access protected information. Selecting the right protocol can be daunting, but key options include OAuth/OpenID Connect for quick user registrations, SAML for enterprise single sign-on, FIDO2/WebAuthn for consumer-facing applications, and TOTP for enhanced security in … Read more

Google Adds Passkey Support to New Titan Security Key 

by

November 16, 2023 at 01:15PM Google has released updated USB-A and USB-C models of its Titan security key, which now supports passkeys. These keys are secure authentication devices that can store over 250 unique passkeys and work with various applications. Google aims to replace passwords with passkeys and plans to distribute 100,000 free security keys … Read more