Sheena L. Thomas says
I often wonder how many companies could have avoided major security breaches if their companies did annual pen testing against their environment? I just found out that one of my favorite department stores had a security breach and they will not be held responsible if fraud activities were to appear on any of their customers' accounts.
https://www.saksfifthavenue.com/include/aem/aem_static.jsp?page=security-information-notice&site_refer=EML
Vince Kelly says
Tech industry completes its standards for banishing passwords
https://www.engadget.com/2014/12/09/fido-alliance-publishes-specs/
The FIDO Alliance (Google, Microsoft, PayPal, and others) have just published a ‘password free’ standard that works with both single and two-factor authentication and relies on the use of sign-in methods other than passwords (e.g., some fingerprint readers, USB dongles, etc.). It may take some time before it becomes accepted as a practical alternative to using passwords because it doesn’t support existing authentication mechanisms like Apple’s Touch ID fingerprint system or Bluetooth.
Fraser G says
https://www.silicon.co.uk/security/cyberwar/delta-breach-customer-payment-details-231045
Another big data leak, this time from Delta. How are the security teams not scrambling at these orgs to find vulnerabilities and fix/patch them? It’s getting to the point where we as consumers don’t really have a choice when using some of these services, and yet we are the losers when companies are irresponsible.