<b>Winfrasoft News</b>: News, alerts and information from Winfrasoft. Blog by Graham Thatcher.<br />
<br />
<b>How GOV.UK Verify Has Stopped Short Of Delivering the Perfect Citizen Experience</b> (published 2015-09-03)<br />
<div class="MsoNormal">
Make it easy for people to self-serve online and that is
what the vast majority of people will elect to do. Public sector organisations
have invested millions in putting key services online and have also spent a
significant amount of money making us aware of them. For these organisations it
means that they can reduce costs associated with delivering ‘manned’ service
and for the citizen it means they can get access to the information and
resources they need 24/7.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
If you have used any of these services you will know that it
is something of a mixed bag when it comes to the user experience. Renewing car
tax for example is a relatively straight-forward process that saves a visit to
the Post Office, but dealing with certain elements of the HMRC website offers
an altogether different experience. Then, if you have to pick up the phone and
choose the wrong time of day to do so you can expect an excruciatingly long
wait. A quick search on Twitter and you will see what people have to say.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
One of the problems people have when dealing with public
sector organisations is the fact that we do not need to engage with them very
often, but when we do it is inevitably for something important. As a result of
this infrequent usage I, for one, will without fail fall at the first hurdle: passing
through the Gateway.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The Government Gateway account is something you must sign-up
for to access HMRC online services and it is essentially a username and
password. However, it isn’t a username of my choosing and it consists of 12
randomly generated numbers. So, when I need to file my tax return it isn’t
getting my accounts in order that creates the stress, but trying to remember
where I jotted down the username and password when my account was first
activated (which was some years ago). It is frustrating and can be more than a
little concerning, especially if filing a return at the eleventh hour to avoid
a penalty!</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
As a citizen I have no choice. Yet, as a customer shopping
online I know the power of the pound in my pocket and if I am not getting the
service experience I expect then I can vote with my feet. These commercial
organisations know this and there is a groundswell of activity at the moment to
improve how customers can login and authenticate themselves. But just because
government organisations do not have to change it doesn’t mean that they should
not evolve their identity verification and authentication processes.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Step forward the much debated and anticipated replacement to
the Government Gateway. The <a href="https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verify">GOV.UK
Verify</a> initiative is being closely observed by governments around the world,
as a new way to improve the verification of a citizen’s identity (replacing
archaic face-to-face and postal methods used currently). In many respects GOV.UK Verify is a great
idea. It gives the user a choice of
which specialist third-party organisation they can use to initially validate
their identity (it should take around 15 minutes) and after this one-time-only
process the user then simply logs in. But for me it is here at the
authentication stage that this fantastic innovative project falls down, as it
reverts to the standard username and password, which is my bugbear with the current
Gateway.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
I had hoped that such a trailblazing and forward-looking
project would have looked beyond passwords, especially given the raft of
compelling one and two factor authentication alternatives that are being
adopted in private sector (and indeed some public sector) organisations right
now.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
I of course appreciate and value the prospect that GOV.UK
Verify will hopefully improve the protection of my data from the increasingly
resourceful professional cybercriminals or opportunists. And, I also look favourably
on the new front-end interface (it could not have been much worse!). However,
from a user experience perspective (and I am talking as a citizen/customer
rather than an authentication expert) it does not satisfy my expectation for a fast
and secure authentication experience.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
I cannot help but feel that they have stopped just one step
too short, and if they had taken this single step they could have made an
exciting project a truly ground-breaking initiative that would set the standard
for not only other public sector organisations but private sector businesses to
follow. My hope is that as the service
is rolled-out and bugs are ironed out there will be a planned phasing out of
the password in favour of something that will enhance and does not inhibit the
customer experience.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Author: Fred Astfeldt</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoQ46z2-AL-XIkb7XjDH-YPDK9tmqob_yPhaFY7R3YYfUzU1B1g6S2py7zlutwa69OMNj4osrIHgajg0fmSeFwNps6mMVJ7_m2E1ui6kUu6yRmrgVjz-Nmcnox2rwtU5dWkk-ybsNxMmne/s1600/Fred+Astfeldt+-+Winfrasoft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoQ46z2-AL-XIkb7XjDH-YPDK9tmqob_yPhaFY7R3YYfUzU1B1g6S2py7zlutwa69OMNj4osrIHgajg0fmSeFwNps6mMVJ7_m2E1ui6kUu6yRmrgVjz-Nmcnox2rwtU5dWkk-ybsNxMmne/s1600/Fred+Astfeldt+-+Winfrasoft.jpg" /></a></div>
<div class="MsoNormal">
<br /></div>
Posted by Graham Thatcher<br />
<br />
<b>Case study: The City of St. Petersburg</b> (published 2015-08-25)<br />
<div>
Known as “The Sunshine City”, <a href="http://www.stpete.org/">St. Petersburg</a>, Florida in the US averages 361 days of sunshine each year. It covers 61.7 sq. miles and has a population of approximately a quarter of a million people, making it the 5th largest city in Florida. St. Petersburg has emerged as a top destination for the arts with the Dali Museum, the Dale Chihuly world-renowned glass collection, and six art districts. It is the job of the city’s 2,500+ employees to provide the essential services and support that keep the city running smoothly.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjIyZFYHqs4rWyl1RGeS4LzFfeBcVMYWrucfUNOWsX3kBoJfIvXsjcgq4sEO0588Kq7zVamwrfGHtg8Fc-xX4dRGQ_vorRCiI1aIzdY2shoNZrrOfX6FNzu3OA0EZefba9_sOVTn8ulFqr/s1600/stpete.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjIyZFYHqs4rWyl1RGeS4LzFfeBcVMYWrucfUNOWsX3kBoJfIvXsjcgq4sEO0588Kq7zVamwrfGHtg8Fc-xX4dRGQ_vorRCiI1aIzdY2shoNZrrOfX6FNzu3OA0EZefba9_sOVTn8ulFqr/s1600/stpete.png" /></a></div>
<b><i>The challenge</i></b></div>
<div>
<b><i><br /></i></b>The city has a growing number of employees that need to access resources on the city network, whilst working away from the office. To help them, the city implemented a remote access solution from VMware and mobile device management from AirWatch. However, with many of the software applications not available in mobile versions, it was causing a problem for those logging on via tablets and smartphones. <br />
<br />
The solution was to use VMware View, which would give employees remote access to the desktop applications they needed from their mobile devices. However, this increased the security risk, as Brian Campbell, <a href="https://www.linkedin.com/vsearch/p?title=Chief+Information+Security+Officer&trk=prof-exp-title">Information Technology Security Officer</a> at the City of St. Petersburg explains: “The only security requirement offered by VMware View to gain access to the users' desktop was their security credentials of user ID and password. Whilst we have stringent policies for user ID creation and robust password management, we recognised that it simply was not enough.”<br />
<br />
Mr. Campbell uses the example of a mobile device being inadvertently infected with a key-logger, which could capture the login credentials and potentially be used to infiltrate the system and cause disruption.<br />
<br />
The city decided that an additional layer of security was needed and a two-factor authentication (2FA) solution would be the most prudent way forward. The city’s Information Security team investigated, demonstrated and discounted a number of the market leading solutions. Mr. Campbell explains: “The solutions we looked at were not straightforward, elegant, nor in a small enough form factor to make us feel comfortable in choosing any of them. That is until we found PINgrid from Winfrasoft.”<br />
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg65UZS622u75KfqBsZBjGC0mzwGA4uCjz78YwaiqpwjErJfQU6GiJ7u7SUB83fr0Ds2mOhwRttL73-37m4EPMFttllYPJ7-E-v405gsvhGaMGnx88a9c9avWLZWX2fZdOWUPGkYHs5xmR/s1600/Winfraoft+PINgrid.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg65UZS622u75KfqBsZBjGC0mzwGA4uCjz78YwaiqpwjErJfQU6GiJ7u7SUB83fr0Ds2mOhwRttL73-37m4EPMFttllYPJ7-E-v405gsvhGaMGnx88a9c9avWLZWX2fZdOWUPGkYHs5xmR/s320/Winfraoft+PINgrid.png" width="267" /></a></div>
<div>
Initially the simplicity of PINgrid made the team wary, but also intrigued enough to embark upon rigorous and thorough testing to scrutinise every aspect of the solution. The result was zero failures. “We had to know if a solution so simple could meet our high expectations,” adds Mr. Campbell. “During the testing phase we were in frequent contact with the Winfrasoft team and their responses to our questions were always immediate and positive. Not only were we impressed with the solution, we were also impressed with their customer service.”<br />
<br />
Having found its 2FA solution, the city invested in user licenses for PINgrid for the members of staff who are authorised to have remote access, and today it is fully integrated with the VMware solution.<br />
<br />
<b><i>The benefits</i></b></div>
<div>
<b><i><br /></i></b>To use PINgrid all an employee with remote access rights needs to do is download the app (available from all major app stores) on to their mobile device. Meanwhile, the Information Security team creates their account which in turn triggers an email to be sent to the employee, which includes their initial PINgrid pattern. The entire process takes a matter of minutes. <br />
<br />
Now, all the user needs to do to login is to access VMware View but before they enter their username and password they are prompted for a One Time Code. This code is obtained by simply opening the PINgrid app and entering the corresponding digits that appear in their pattern.<br />
<br />
“For staff choosing to install the app on their personal devices we ensured that they understood that the PINgrid app is essentially a standalone number generator requiring no Internet access, no “phone home” requirement, and giving them reassurance that it is completely independent and that they could use it with confidence,” notes Campbell.<br />
<br />
“We have found that the beauty of PINgrid is in its simplicity,” remarks Mr. Campbell. “It has been easy to deploy and the roll-out required virtually no user training. Even though we offered it to everyone, only around 5% of the users requested assistance.” Campbell concludes: “PINgrid is absolutely the solution we were looking for but didn’t expect to find. It works perfectly, is consistent and we have no complaints or problems at all. We are very pleased indeed.”</div>
</div>
Posted by Graham Thatcher<br />
<br />
<b>VIDEO: Winfrasoft CEO, Steven Hope Explains Why the Time Has Not Yet Come for Biometrics</b> (published 2015-07-17)<br />
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: left;">
<span style="text-align: justify;">Last week our CEO, Steven Hope, joined leading
privacy, identity and security experts from across Europe to present at Building Trust on a
Hyperconnected World, an event hosted by <a href="http://www.eema.org/">EEMA</a> and OASIS at the EMEA
headquarters of CA Technologies, Ditton Manor.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: left;">
<span style="text-align: justify;"><br /></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: left;">
In the session entitled ‘Biometrics: the time has
come?’, Steven was joined by Professor JJ Nietfield from the University Medical
Centre in Utrecht, the Chair of the OASIS IBOPS Technical Committee, Abbie
Barbir and Executive Director of EEMA, David Goodman. During his presentation
and the panel debate which followed, Steven shared his perspective on the hype
surrounding the use of biometrics. He explained that whilst the technology does
have the potential to have a place in the identification and authentication
process, there is a reason why it has not yet taken off in the way many experts
had expected.</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: left;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: left;">
Steven argued that the proliferation of biometrics
on the latest smart devices is focused on delivering a convenient user
experience, and is not about delivering tight security, despite the worrying
efforts of some large organisations (especially those in the banking sector)
trying to find ways to exploit the likes of TouchID for authentication
purposes. He also observed how the word ‘biometrics’ has wrongly become
synonymous with security, and explained how smart devices operating
consumer-grade biometric sensors, could not and should not be expected to
deliver the accuracy and reliability of high-end biometrics equipment used in
the commercial world.</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: left;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: left;">
<b>You can watch Steven's full presentation here...</b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe width="320" height="266" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/_njXZxHYrjE/0.jpg" src="https://www.youtube.com/embed/_njXZxHYrjE?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: left;">
<br /></div>
Posted by Graham Thatcher<br />
<br />
<b>Passwords won’t be gone in the blink of an eye</b> (published 2015-07-14)<br />
<div class="MsoNormal" style="background: white; margin-bottom: 5pt; text-align: justify;">
<span style="background-color: transparent;">I truly believe we are about to turn the corner in finally replacing
password-based authentication, but I am concerned that many organisations (some
vendors and some end-user businesses) are getting a little distracted with the
current flavours of the month.</span></div>
<div class="MsoNormal" style="background: white; margin-bottom: 5pt; text-align: justify;">
<span style="background-color: transparent;"><br /></span></div>
<div class="MsoNormal" style="background: white; margin-bottom: 5pt; text-align: justify;">
<span style="background-color: transparent;">Last month I posted a blog explaining why emojis are not the future of
authentication. This week I find myself having similar conversations about
selfies, following MasterCard’s announcement that it is experimenting with a
mobile app, through which the customer poses for a selfie, blinks and hey
presto they are authenticated!</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
Many of us use emojis and take selfies every day (as well as using social
networks, which is another method being considered), so at face value it would
seem to make sense to try and find ways of adopting them as authentication
tools. However, passwords have been with us for a long time, and don’t think
that they are going to go in the blink of an eye!</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
From an end-user perspective passwords cause us headaches, because they
are overused and as we all do so much online, we need to remember so many of
them. Most of us solve this problem by using the same password (or variations
of it), causing organisations major headaches as we compromise their security
protocols. The thing is, we all want to be secure and protected but we are also
impatient and don’t want to be inconvenienced, so we look for short cuts.</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
Now, imagine this brave new world where passwords have been replaced by
the headline-hitting gimmicks. As it is the start of July you want to log in to
your online banking to check you have been paid. To do so you are asked to
provide a fingerprint (biometric). Great news: you have money in your account.
It is time to renew your car insurance, and they want you to prove you are who
you say you are with a selfie. Next you decide to do your weekly shop but
before you can arrange delivery you need to use your secret combination of
emojis. Three different methods to authenticate. Suddenly passwords don’t seem
so bad!</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
For all their failings passwords are ubiquitous in our society. There
is an encouraging ground swell of support to displace them, but if they are to
be usurped it needs to be with something that has the potential to become just
as prolific and lasting, and crucially doesn’t cause the people who use them
pain.</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<i>Author: Fred Astfeldt, <a href="http://www.pingrid.com/">Winfrasoft</a></i></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoQ46z2-AL-XIkb7XjDH-YPDK9tmqob_yPhaFY7R3YYfUzU1B1g6S2py7zlutwa69OMNj4osrIHgajg0fmSeFwNps6mMVJ7_m2E1ui6kUu6yRmrgVjz-Nmcnox2rwtU5dWkk-ybsNxMmne/s1600/Fred+Astfeldt+-+Winfrasoft.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoQ46z2-AL-XIkb7XjDH-YPDK9tmqob_yPhaFY7R3YYfUzU1B1g6S2py7zlutwa69OMNj4osrIHgajg0fmSeFwNps6mMVJ7_m2E1ui6kUu6yRmrgVjz-Nmcnox2rwtU5dWkk-ybsNxMmne/s1600/Fred+Astfeldt+-+Winfrasoft.jpg" /></a></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
Posted by Graham Thatcher<br />
<br />
<b>Winfrasoft to Help Organisations Move from Passwords and Hard Token Authentication at the Security IT Summit 2015</b> (published 2015-07-02)<br />
<a href="http://www.winfrasoft.com/">Winfrasoft</a> today announced that at the <a href="http://www.securityitsummit.events/">Security IT Summit 2015</a> it will be demonstrating how organisations can move away from password-based security with the award-winning PINgrid, PINpass and PINphrase. The one-day event takes place on 7th July at the Hilton London, Wembley.<br />
<br />
At the Security IT Summit, Winfrasoft (an OATH and FIDO Alliance Member) will provide security professionals working in B2B and B2C organisations with a fresh alternative to their current authentication and transaction verification methods. Delegates will learn how they can remove the reliance on password-based authentication and pressure on the helpdesk for resets, eliminate procurement costs and administration surrounding card readers and keyring tokens, and innovate without the need to implement expensive biometrics.<br />
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgU6s4ne3Tvk257XlrZwLvYtT-axXk-g3VnausiILJ0irhAeSoGpRhfAXXJuXNEYusx_PyHfIn8dzLiHwuvoOqMwCOHhGV4h6hIpHLdoKYKP3qhK4ZcwyomCzpELKNqsv5zyoerI1vbiQEp/s1600/logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgU6s4ne3Tvk257XlrZwLvYtT-axXk-g3VnausiILJ0irhAeSoGpRhfAXXJuXNEYusx_PyHfIn8dzLiHwuvoOqMwCOHhGV4h6hIpHLdoKYKP3qhK4ZcwyomCzpELKNqsv5zyoerI1vbiQEp/s1600/logo.png" /></a></div>
<b>- PINgrid </b>is an award-winning and patented multi-factor authentication and transaction signing solution that is being used in the public and private sector today to transform any mobile device into a soft-token, via a simple offline app, replacing passwords with a memorable pattern that automatically generates an OTP.<br />
<br /></div>
<div>
<b> - PINpass</b> turns any mobile device into a token by sending a six to eight digit OTP to it via SMS or email. By combining it with a PIN, or an existing Active Directory password, PINpass creates a strong 2FA solution. </div>
<div>
<b><br /></b><b>- PINphrase</b> uses Random Character Authentication. <br />
<br />
PINgrid, PINphrase and PINpass all support implementation in 1.5 and 2FA environments.<br />
<br />
Head of Sales at Winfrasoft, Fred Astfeldt comments: “Recently we have seen a reaction from retail banks as they start to offer customers a choice in how they authenticate themselves online, giving the option to continue with card-reader or keyring token, or to login using their memorable information. In PINphrase, Winfrasoft is the only authentication speciality with an off-the-shelf product that enables any organisation to implement this form of authentication without the need to develop it in-house.” <br />
<br /></div>
<div>
Astfeldt adds: “Our solutions have been rigorously tested in public and private sector organisations and have been proven to deliver strong, robust and reliable authentication. However, they have also been demonstrated to have a major impact on improving the end-user experience.” <br />
<br />
In addition to PINgrid, PINphrase and PINpass, Winfrasoft will also be demonstrating its Enterprise Desktop Logon and Remote Desktop Agent for organisations using Microsoft’s Remote Desktop Services, Citrix and VMware. These solutions enhance secure access to the corporate network, applications and data by augmenting the username and password login with either 1.5 or 2FA.<br />
<br />
<b>For more information about the Security IT Summit visit: <a href="http://www.securityitsummit.events/">www.securityitsummit.events</a></b><br />
<b><br /></b>
<b>Follow the event on Twitter <a href="http://www.twitter.com/SecIT_Summit">@SecIT_Summit</a></b></div>
Posted by Graham Thatcher<br />
<br />
<b>Why Password Vaults, and Emojis are not the Future of Authentication</b> (published 2015-06-18)<br />
The news this week that <a href="https://krebsonsecurity.com/2015/06/password-manager-lastpass-warns-of-breach/">LastPass has suffered a security breach</a> is a reminder of why I am not a fan of the password vaults currently on the market.<br /><br />Password vaults serve one purpose only and that is to make it easier for people to store their login credentials centrally. They are not about making those credentials more secure. Yes, you will see marketing materials talking about encryption and the like, but at the end of the day all you are doing is consolidating your passwords and ‘securing’ them with just one master code. <br /><br />People buy in to password vaults for convenience; in fact LastPass has the tagline ‘The last password you’ll ever need’. It is essentially the same as storing all your credit, debit and store cards, along with your driving licence and cash in a wallet. It seems like a great idea until it gets stolen.<br /><br /><div>
For me, the root cause of the problem isn’t the password vault itself, but the password. Most of us tend to see the login screen as an obstacle that stands in the way of us doing what it is that we want to do. Anything that makes it quicker and easier to get through the process is welcomed with open arms. To illustrate my point, how many of you click the ‘remember this password’ when given the opportunity? I know I have.<br /><br />If we are being honest most of us are willing to make some form of trade-off between security and convenience, but we should not be expected to do so. Passwords continue to haunt our lives because organisations decide to enforce their use, and in most instances they do so because they don’t know what else to do. As security professionals it is our role to give these organisations choice, show them that there is a better way and crucially, put forward a compelling business case that will drive lasting change.<br /><br />At the same time LastPass has been hitting the headlines this week, so too has <a href="http://www.theguardian.com/technology/2015/jun/15/emojis-pin-numbers-passcodes">Tripwire for its attempt to solve the problem using Emojis</a>. As a marketing gimmick it has certainly succeeded in grabbing attention, and they seem to be heading in the right direction by trying to make login credentials easier to remember and leveraging the capabilities of mobile devices. But could such a solution viably replace every website, mobile app or corporate network that currently uses a password? Emojis might appeal to millennials logging on to a social forum, but would a silver surfer feel comfortable using them for their online banking? It may well be more secure than a password but I can’t imagine entering: smiley face, sad face, birthday cake and love heart to authorise a transaction from my corporate bank account!</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrV0pq85jsFMQGLk3gV-_DJ93zHkja8RAzDBVX18kgWST0gWEE_xuv3Bbv95Ei84KHMqi-Mdnvpo_q_ymV1PU0xWISkGAAE68bqHfTUL4-HvU92toBgH9IEAVEV7vZH2o8fqpAq7FBUkP_/s1600/emoji.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrV0pq85jsFMQGLk3gV-_DJ93zHkja8RAzDBVX18kgWST0gWEE_xuv3Bbv95Ei84KHMqi-Mdnvpo_q_ymV1PU0xWISkGAAE68bqHfTUL4-HvU92toBgH9IEAVEV7vZH2o8fqpAq7FBUkP_/s1600/emoji.png" /></a></div>
<div>
Meanwhile, at the other end of the scale biometrics are promising to change the world, but unless you are a large bank with money to burn it is pretty much out of reach, and even then you have the issue of standardising on a biometric.<br /><br />This is the big challenge we as an industry face if we are going to replace something as ubiquitous as a password. We need to find something that has the potential to be just as ubiquitous in the future, otherwise we will be stuck in the same old rut. </div>
<div>
<br />We think we might have just the thing! <a href="http://www.pingrid.com/">www.pingrid.com</a> </div>
<div>
<i style="line-height: 150%; text-align: center;"><br /></i></div>
<div>
<i style="line-height: 150%; text-align: center;">Author: Fred Astfeldt, </i><i style="line-height: 150%; text-align: center;"><a href="http://www.winfrasoft.com/" style="line-height: 150%; text-align: center;">Winfrasoft</a></i></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGakYC4FJK75sTc1LTg4IkGO9IdUCq9P_uUKCwb0wCtEP5lNvP0Ir_epf1F0Ai6xgoOTwb-yLWwUU9hgCP785YmGhEr4YJUYJ9lJ8gf7VSQfj-8hZ3ToC3H3KOV1QI3sJzZ6-boAR_kjsa/s1600/Fred+Astfeldt+-+Winfrasoft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGakYC4FJK75sTc1LTg4IkGO9IdUCq9P_uUKCwb0wCtEP5lNvP0Ir_epf1F0Ai6xgoOTwb-yLWwUU9hgCP785YmGhEr4YJUYJ9lJ8gf7VSQfj-8hZ3ToC3H3KOV1QI3sJzZ6-boAR_kjsa/s1600/Fred+Astfeldt+-+Winfrasoft.jpg" /></a></div>
<div>
<br /></div>
Posted by Graham Thatcher<br />
<br />
<b>Reducing Customer Friction with Better Authentication</b> (published 2015-06-11)<br />
<div class="MsoNormal">
Retail banks around the world are trying to get to grips with a difficult challenge: how to make their identification and authentication processes secure enough to protect them and satisfy the regulators, but at the same time balance that with the desire of customers to have a frictionless experience. This was one of the key issues that was debated at a one-day conference held at the Department of Business Innovation and Skills in London last week.<br />
<br /></div>
<div class="MsoNormal">
Attended by experts in e-identity and authentication, those working in some of the largest banks in Europe, as well as representatives from the European Commission and the European Banking Association (EBA), the event was held a few weeks after 24 out of 28 authorities from EU member states signed up to the new EBA guidelines for online payment security. Coming into force from 1st August 2015, these guidelines require banks to have stronger authentication whereby a customer must provide non-reusable security details. So, unsurprisingly, online payments were a red hot topic of conversation. <br />
<br /></div>
<div class="MsoNormal">
The problem with online payments today is that when consumers buy something online they reach for their debit or credit card. However, these cards were introduced when there was no Internet and were designed to be presented at the point-of-sale. As a result banks are having to deal with huge amounts of fraud from online card payments, costing huge sums of money and draining resources.<br />
<br />
Since their introduction cards have evolved, such chip-and-pin, and more recently contactless payment technology for low value transactions, but the later makes these cards more, rather than less susceptible to crime. So it is interesting to see how the rapid uptake of this innovation, which suggests customers are willing to trade a level of security for convenience, in much the same way as they opt for easy to remember passwords for their online accounts.<br />
<br />
The problem for banks is that whilst customer may be happy with a trade-off, the banks and its regulators are not. However, they know that to gain and retain customers they need to find ways of delivering a more frictionless online experience. Hence, whether you are a business or a retail customer you may have seen the need to for your card reader or key-ringer number generator (otherwise known as a hard-token) diminish in favour of more convenient methods of online authentication. Of course, this is also great news for banks as the cost to administer these devices is very high indeed.<br />
<br />
However, during the conference it was clear that banks are eager to find ways to strengthen their identification and authentication processes in a friction free manner, and worryingly many explained how they are investigating the use cases of biometrics in all its forms. <br />
<br />
In my opinion, there are a number of significant stumbling blocks when it comes to biometrics. Not only the level of investment and management that is required, and the sophistication of biometric readers on the current crop of ‘smart devices’, but also the challenge and cost of on-boarding all new and existing customers. This is far from the frictionless experience that customers are wanting, and banks are replacing one costly technology with another! Also, these readers currently feature on the higher end devices, alienating the majority of customers. And, as one speaker was quick to point out – what happens if a customer using biometrics is a victim of fraud? Criminals will undoubtedly find a way to cheat the system. So, how does a victim then go about proving they are who they say they are?<br />
<br />
One of the most insightful observations of the day was that banks can choose to add as many ‘layers’ of security as they wish, but if they are going to satisfy the customer they need to make the customer feel like they are using just one, any more and they feel like barriers. So, whether they are logging on or transacting via a website, on a desktop PC, a browser on a smartphone or tablet, or via an app, the process needs to be convenient, reliable and of course trusted. <br />
<br />
This is why the username, password and memorable information approach has been well adopted, as it is device agnostic. So, if you want to have stronger security (and whilst this approach is strong it could be stronger) you need to find a solution that can also work in this environment, and currently biometric readers are neither robust nor ubiquitous enough to satisfy these requirements.<br />
<br />
However, there was unanimous consensus that using smart/mobile devices was undoubtedly the way forward. Using these devices presents a way to improve the authentication process for banks, without adversely impacting or burdening the customer. Yet, rather than biometrics, these devices can be used to replace card-readers or key-ring tokens, by augmenting the username and password login with a one-time code generated through an offline app residing on the device.<br />
<br />
From the bank's perspective this approach is relatively inexpensive when compared to hard-tokens and biometrics. It can be rolled out rapidly at a regional, national or international level and it eases the possible friction for the customer. <br />
<br />
Another great benefit of this approach is that as well as being used for logging on to online bank accounts, it can also be used for swift online transaction verification, meaning online card payments can be afforded a far greater level of protection, which is great news for the banks who can save millions in reduced fraud incidents and the customers who are less likely to be innocent victims. <br />
<br />
<i>Author: Steven Hope, CEO, <a href="http://www.winfrasoft.com/">Winfrasoft</a></i></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimdzpqtr1uSubvPG1NMtuvDW0nRPGTb1dU3gWph3A-Jfx6VP32JyMKn8l1tqqEQ7JwsLM8Ibdvwm2Bh78mtqRlJLZG4T6dVAOhuahjaTyiEEg3Cx-DLvtwI5QsqkfOKQyYoRUNo74NVj6U/s1600/Steven+Hope.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimdzpqtr1uSubvPG1NMtuvDW0nRPGTb1dU3gWph3A-Jfx6VP32JyMKn8l1tqqEQ7JwsLM8Ibdvwm2Bh78mtqRlJLZG4T6dVAOhuahjaTyiEEg3Cx-DLvtwI5QsqkfOKQyYoRUNo74NVj6U/s200/Steven+Hope.jpg" width="200" /></a></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<o:p></o:p></div>
Posted by Graham Thatcher

Is Your Action Camera Watching You? (published 2015-06-01)
<div style="text-align: justify;">
Here at <a href="http://www.winfrasoft.com/">Winfrasoft</a> we think action cameras are great pieces of kit, whether you want to capture for posterity the three-legged race at the school sports day, or are abseiling down a cliff. However, this morning we were as surprised as anyone to learn that the camera and the images, video and audio recorded and stored on them can be vulnerable to attack.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Today, the <a href="http://www.bbc.co.uk/news/technology-32934083">BBC has reported</a> that the latest Hero4 device from the market leading action camera vendor <a href="http://www.gopro.com/">GoPro</a> could be compromised by, yes you guessed it, weak password security!</div>
<div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In the video report, Ken Munro from <a href="https://www.pentestpartners.com/">Pen Test Partners</a> explains how these cameras use WiFi to sync with the GoPro app on the user's mobile device. Those of you who have an action camera will know that from the app you can have complete control over the camera's features and functions. And it works fantastically well.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The problem is the GoPro app requires a password and, as Mr Munro rightly points out, people typically choose simple passwords. As a result, the ‘intruder’ can take full control of your camera without you knowing! In fact, they were able to crack the password in just a few seconds, using a dictionary attack. As a result the intruder can choose when the camera is switched on or off, can record (both video and audio) and they can even switch off the usual lights and sounds, so you would never know that the camera sat on the table is capturing everything. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Of course, most criminals are not going to be interested in your adrenaline fuelled holiday adventures, but the thought of someone possibly listening and watching without you knowing feels somewhat sinister and intrusive. The advice by Pen Test Partners is to make the password as strong as you can, but anyone who reads this blog regularly will know that there really isn’t such a thing. So, if you want to be 100% safe then make sure you have the WiFi setting on your camera switched off.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
You can read the full story and watch the video at: <a href="http://www.bbc.co.uk/news/technology-32934083">http://www.bbc.co.uk/news/technology-32934083</a></div>
<br /><i>Author: Steven Hope, Winfrasoft</i><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimdzpqtr1uSubvPG1NMtuvDW0nRPGTb1dU3gWph3A-Jfx6VP32JyMKn8l1tqqEQ7JwsLM8Ibdvwm2Bh78mtqRlJLZG4T6dVAOhuahjaTyiEEg3Cx-DLvtwI5QsqkfOKQyYoRUNo74NVj6U/s1600/Steven+Hope.jpg"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimdzpqtr1uSubvPG1NMtuvDW0nRPGTb1dU3gWph3A-Jfx6VP32JyMKn8l1tqqEQ7JwsLM8Ibdvwm2Bh78mtqRlJLZG4T6dVAOhuahjaTyiEEg3Cx-DLvtwI5QsqkfOKQyYoRUNo74NVj6U/s200/Steven+Hope.jpg" /></a><div class="MsoNormal">
<b><i><br /></i></b></div>
<br />
<div class="MsoNormal">
<br /></div>
</div>
Posted by Graham Thatcher

How to Secure Every Remote Desktop with 2FA (published 2015-05-27)
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
You may find it
hard to believe but I am just about old enough to remember a time when you
switched off your office PC at the end of the day and that was it. If you
wanted to finish off that all important presentation you could take a laptop
home, but there would be no network access. So, you hurriedly copied and pasted
everything on to the desktop on a Friday afternoon. Sound familiar?<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
Today, thanks to
great technology such as Microsoft’s Remote Desktop Services and of course many
others, we can all get (and indeed expect) access to our desktop resources
whether in a coffee shop, airport lounge, train or a customer site. Logging on in this way is now second
nature. It means we are free from the
shackles of the office-bound desktop and arguably a lot more productive.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
But, for many
organisations this freedom comes at a price and that is compromised security.
Does the benefit outweigh the risk? I am not so sure, as you are only as strong
as your weakest link. Being able to offer remote desktop access from a
technical perspective is relatively simple and low cost (again thanks to the
likes of Microsoft), but securing it adequately and effectively has
traditionally been expensive and prohibitive.
I am of course talking about two-factor authentication (2FA).<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
As 2FA isn’t
built-in to Microsoft Remote Desktop Services the only option for organisations
conscious of securely protecting their desktop PCs and the network upon which
they reside, from data breaches and cyber threats has been to invest in a
separate solution. But, traditionally 2FA has been the preserve of key-ring
token providers, which require a large (the numbers can be quite frightening)
up-front investment and demand a lot of administrative resource. There is often
a lot of resistance from those who will be using the token and unless you have
a huge remote workforce, the numbers simply don’t stack up to make it a viable
proposition.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
Add in to the
mix regulatory compliance policies for some sectors that demand 2FA is used.
You have one camp that is forced to make the painful investment, or the other
that simply cannot justify or afford it and must enforce a blanket ban on
remote access. Of course, there will be a few ill-advised cases that choose to
risk it.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
For those not
needing to adhere to regulation, the majority settle for the default username
and password combination that Microsoft Remote Desktop Services offers. However, with advances in technology, most
notably the ability to place soft-tokens on to mobile devices, the costs have
plummeted and it is easier than ever to manage. <o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
From today,
organisations using Microsoft Remote Desktop can strengthen it with 2FA by
augmenting the username and password screen with the need to enter a unique
one-time passcode.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg65UZS622u75KfqBsZBjGC0mzwGA4uCjz78YwaiqpwjErJfQU6GiJ7u7SUB83fr0Ds2mOhwRttL73-37m4EPMFttllYPJ7-E-v405gsvhGaMGnx88a9c9avWLZWX2fZdOWUPGkYHs5xmR/s1600/Winfraoft+PINgrid.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg65UZS622u75KfqBsZBjGC0mzwGA4uCjz78YwaiqpwjErJfQU6GiJ7u7SUB83fr0Ds2mOhwRttL73-37m4EPMFttllYPJ7-E-v405gsvhGaMGnx88a9c9avWLZWX2fZdOWUPGkYHs5xmR/s320/Winfraoft+PINgrid.png" width="267" /></a></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
Using the new
Winfrasoft Remote Desktop Agent, all the user needs to do is download the
PINgrid app on to their phone. From this point when logging in they simply open
the app and enter the digits that appear in their PINgrid pattern. It is also great news for the IT team as
there is no need for any code changes, making it very quick and easy-to-deploy,
whether you are an SME, or a large multi-national enterprise.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="line-height: 150%;">The Remote
Desktop Agent makes strong 2FA affordable for all. So, those who need to comply
with regulation but could not afford to do so, now can. Organisations of all
shapes and sizes that want to secure their desktop access with 2FA have the
option to do so. And, those that have had their hands tied and are using
expensive hard-tokens now have a viable alternative to consider when their next
license renewal is due.</span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<b><br /></b></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<b>For more information about Winfrasoft
Remote Desktop Agent contact a member of our team on Tel</b>: <b>+44
(0)118 336 8330, or Email: </b><b><a href="mailto:sales@winfrasoft.com">sales@winfrasoft.com</a></b><b> </b><i><o:p></o:p></i></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<i>Author: Steven Hope, CEO, Winfrasoft</i></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimdzpqtr1uSubvPG1NMtuvDW0nRPGTb1dU3gWph3A-Jfx6VP32JyMKn8l1tqqEQ7JwsLM8Ibdvwm2Bh78mtqRlJLZG4T6dVAOhuahjaTyiEEg3Cx-DLvtwI5QsqkfOKQyYoRUNo74NVj6U/s1600/Steven+Hope.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimdzpqtr1uSubvPG1NMtuvDW0nRPGTb1dU3gWph3A-Jfx6VP32JyMKn8l1tqqEQ7JwsLM8Ibdvwm2Bh78mtqRlJLZG4T6dVAOhuahjaTyiEEg3Cx-DLvtwI5QsqkfOKQyYoRUNo74NVj6U/s320/Steven+Hope.jpg" width="320" /></a></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal">
<br /></div>
<br />
<div class="MsoNormal">
<br /></div>
Posted by Graham Thatcher

PRESS RELEASE: Winfrasoft Launches Remote Desktop Agent to Deliver Two-Factor Authentication For Microsoft’s Remote Desktop Services (published 2015-05-27)
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<a href="http://www.winfrasoft.com/">Winfrasoft</a> today announced the launch of
its Remote Desktop Agent (RDA) that takes advantage of its award-winning <a href="http://www.pingrid.com/">PINgrid</a> solution to deliver secure two-factor
authentication (2FA) for organisations using Microsoft’s Remote Desktop
Services. Quick and easy-to-deploy without the need for code changes, RDA
enables IT security teams to comply with 2FA policy requirements, without
slowing down the user log-in experience. <o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
When a user
attempts to log-in to their desktop remotely they are presented with the familiar
username and password challenge, alongside which they are asked to enter their
one-time PINgrid passcode. The user simply enters the digits included within
their individual PINgrid pattern, which is displayed on their smartphone or
tablet, via the PINgrid app. For organisations that want to strengthen their
authentication but do not require full 2FA, RDA can be deployed directly on to
the login screen as a non-obtrusive 1.5FA solution.<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg65UZS622u75KfqBsZBjGC0mzwGA4uCjz78YwaiqpwjErJfQU6GiJ7u7SUB83fr0Ds2mOhwRttL73-37m4EPMFttllYPJ7-E-v405gsvhGaMGnx88a9c9avWLZWX2fZdOWUPGkYHs5xmR/s1600/Winfraoft+PINgrid.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg65UZS622u75KfqBsZBjGC0mzwGA4uCjz78YwaiqpwjErJfQU6GiJ7u7SUB83fr0Ds2mOhwRttL73-37m4EPMFttllYPJ7-E-v405gsvhGaMGnx88a9c9avWLZWX2fZdOWUPGkYHs5xmR/s320/Winfraoft+PINgrid.png" width="267" /></a></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="line-height: 150%;">CEO of
Winfrasoft, Steven Hope comments: “Many organisations rely on Microsoft’s
Remote Desktop Services to provide employees with anywhere access to their
desktop via an Internet connection. The big problem for IT security teams is
that it doesn’t have two-factor authentication built-in. Our RDA solution uses
PINgrid, which is trusted by public and private sector organisations around the
world to deliver strong authentication.”</span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="line-height: 150%;"><b>Remote Desktop
Agent is available now.</b></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<o:p></o:p></div>
<div class="MsoNormal" style="line-height: 150%; margin-bottom: .0001pt; margin-bottom: 0cm; text-align: justify;">
<br /></div>
Posted by Graham Thatcher

Creating a Pattern for Authentication (published 2015-05-05)

We all use patterns to create passwords and have our own ‘unique’ formulas that we hope will keep us secure and able to remember them. So, I was not surprised to read a <a href="http://www.techweekeurope.co.uk/security/authentification/password-controls-crackability-praetorian-167094#M5gEcABXIIKkw0Hm.99">story on TechWeekEurope</a> in which Praetorian had reported that half of users’ passwords follow just 13 structures.<br />
<div>
<br /></div>
<div>
What did shock me though is that there were as many as 13. How many of you use the tried and tested pattern for creating a password that begins with a capital letter at the start of a memorable word, followed by a memorable number and ending in an exclamation mark? My guess is that it is the majority of you!</div>
<div>
<br /></div>
<div>
It may seem to make sense that fewer structures inevitably make it easier for hackers to decipher passwords and therefore organisations should have policies for ‘strong’ passwords enforced upon them to avoid the obvious, and make it harder. However, the fact of the matter is even if there were double, quadruple or even ten times the number of structures being used, all it would do to a determined cybercriminal is slow them down a little, forcing them to use a wider variety of tools and tactics in their arsenal. It certainly would not stop or deter them.</div>
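To make the point about password structures concrete, here is an added example (not code from TechWeekEurope, Praetorian or Winfrasoft) that reduces each password to its structure and measures how much of a list the most common structures cover, the kind of check a policy owner can run at the moment a password is set. The U/L/D/S notation, the function names and the sample list are assumptions constructed for illustration.

```python
"""Password-structure audit. Notation, names and sample data are constructed."""
import re
from collections import Counter
from itertools import groupby


def char_class(ch):
    """Map one character to a class: U(pper), L(ower), D(igit), S(ymbol/other)."""
    if ch.isdigit():
        return "D"
    if ch.isupper():
        return "U"
    if ch.islower():
        return "L"
    return "S"


def mask(password):
    """Per-character structure, e.g. 'Summer2015!' -> 'ULLLLLDDDDS'."""
    return "".join(char_class(c) for c in password)


def shape(password):
    """Structure with repeated classes collapsed, e.g. 'Summer2015!' -> 'ULDS'."""
    return "".join(cls for cls, _ in groupby(mask(password)))


# The structure described in the post: a capitalised word, then a number,
# then a closing exclamation mark.
DESCRIBED_PATTERN = re.compile(r"[A-Z][a-z]+[0-9]+!")


def matches_described_pattern(password):
    return DESCRIBED_PATTERN.fullmatch(password) is not None


def top_shapes(passwords, n):
    """The n most common shapes in a password list, most common first."""
    counts = Counter(shape(p) for p in passwords)
    return [s for s, _ in counts.most_common(n)]


def coverage(passwords, n):
    """Fraction of the list that falls into its n most common shapes."""
    if not passwords:
        return 0.0
    counts = Counter(shape(p) for p in passwords)
    return sum(c for _, c in counts.most_common(n)) / len(passwords)


def policy_findings(candidate, banned_shapes):
    """Reasons to reject a candidate at password-set time (empty list = accept).

    Run this only where the plaintext is already present (the change-password
    handler) and never log the candidate itself.
    """
    findings = []
    if matches_described_pattern(candidate):
        findings.append("capitalised word + number + '!'")
    if shape(candidate) in banned_shapes:
        findings.append("shape %s is among the most common" % shape(candidate))
    return findings


# Constructed sample list, not real user data.
SAMPLE_PASSWORDS = [
    "Summer2015!", "Winter2014!", "Monday12!", "London1!",
    "password", "letmein", "qwerty123", "dragon99",
    "Tr0ub4dor&3", "x7#Kq9$mZ2pL",
]

if __name__ == "__main__":
    for n in (1, 3):
        print("top %d shapes %s cover %.0f%% of the sample"
              % (n, top_shapes(SAMPLE_PASSWORDS, n),
                 100 * coverage(SAMPLE_PASSWORDS, n)))
    banned = set(top_shapes(SAMPLE_PASSWORDS, 1))
    for candidate in ("Autumn2016!", "x7#Kq9$mZ2pL"):
        print(candidate, "->", policy_findings(candidate, banned) or "accepted")
```

A complexity rule that demands an upper-case letter, a digit and a symbol is satisfied by every password of shape `ULDS`, which is why the audit looks at structure rather than character classes alone.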
<div>
<br /></div>
<div>
My answer to the problem is simple. If people like using patterns to create passwords and those passwords are not secure, then remove the password from the equation altogether and use the pattern. This is the foundation upon which <a href="http://www.pingrid.com/">PINgrid</a> is based.</div>
<div>
<br /></div>
<div>
Of course, the obvious question to ask is what is to stop the professional cybercriminal or opportunist from simply guessing, or identifying patterns? After all, surely that is easier than passwords! So, here is the clever part. Unlike passwords the user never discloses the pattern that they have chosen. </div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZ9zkvyvrgST1NFuzVHK4n2_dXqguqlbCjEo_v9MoruSIL1o3Zeg4ltgR86PTSB0mmZxapgTo9ZL0-JFSwvr54UvnLXMPq8ZmRlmkW8BVQkVU98DzgswsmooTNbJHv7WpUPfJinxkLTUsb/s1600/pingrid+screen.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZ9zkvyvrgST1NFuzVHK4n2_dXqguqlbCjEo_v9MoruSIL1o3Zeg4ltgR86PTSB0mmZxapgTo9ZL0-JFSwvr54UvnLXMPq8ZmRlmkW8BVQkVU98DzgswsmooTNbJHv7WpUPfJinxkLTUsb/s640/pingrid+screen.jpg" width="640" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Using <a href="http://www.pingrid.com/">PINgrid</a>, when the user logs in they simply type in the numbers (the digits 0-5 are used in the grid) displayed in their memorable pattern. And, because these numbers are constantly changing it creates a huge range of possibilities. So, in a standard 6x6 configuration, <a href="http://www.pingrid.com/">PINgrid</a> provides 2.1 billion unique pattern possibilities; scale that up to 8x8 (the digits 0-7 are used in the grid) and the number grows to an incredible 68.7 billion.</div>
<div>
<br />
<i>Author: Alissa Lang, <a href="http://www.winfrasoft.com/">Winfrasoft</a></i><br />
<div>
<b><br /></b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXZTQGpex9qI1p2E1WqLgAyvbwXWJ8jhVQMOJ9PKUZTzwIl16khjPRYxoan_IjPdoQTRyFS-aVY9YJnEeFGruO9ehdMTfLzimz9y5aHsi9pDodHMDM1y5AOgL_ZK6nfOEGUoOj3w-4Sy4o/s1600/Alissa+Lang+-+Winfrasoft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXZTQGpex9qI1p2E1WqLgAyvbwXWJ8jhVQMOJ9PKUZTzwIl16khjPRYxoan_IjPdoQTRyFS-aVY9YJnEeFGruO9ehdMTfLzimz9y5aHsi9pDodHMDM1y5AOgL_ZK6nfOEGUoOj3w-4Sy4o/s320/Alissa+Lang+-+Winfrasoft.jpg" width="213" /></a></div>
<div>
<b><br /></b></div>
</div>
Posted by Graham Thatcher

Making Passwords Easy to Digest (published 2015-04-28)

I am all for making security easy to digest but actually eating passwords is taking things a step too far in my book. We have all seen the movies where someone eats a piece of paper containing the evidence, but does anyone seriously think this could be the future of authentication? It seems there are people that do!<br /><br />Security professionals are familiar with the ‘traditional’ authentication factors such as...<br /><ul>
<li>Something you have – A key-ring token for example</li>
<li>Something you know – The username and password combination</li>
<li>Something you are – The biometric in all its forms</li>
</ul>
However, last week some new factors were proposed…<br /><ul>
<li>Something you have eaten</li>
<li>Something you have implanted</li>
<li>Something you have injected</li>
</ul>
These concepts have been mooted in the past as a flight of fantasy, but now PayPal’s Global Head of Developer Evangelism, Jonathan Leblanc has <a href="http://blogs.wsj.com/digits/2015/04/17/paypal-wants-you-to-inject-your-username-and-eat-your-password/">suggested to the Wall Street Journal</a> that ‘natural body identification’ in the form of edible, injectable and implanted devices, could well be the shape of things to come, with current biometric techniques a stepping stone. For those of you old enough to get the reference, it is all starting to sound a little ‘Logan’s Run’ to me!<br /><br />Whilst I appreciate that our industry needs visionaries to help break the stranglehold passwords have on our lives, it is also important that we don’t get carried away. Passwords have been used for hundreds of years in one form or another and whilst people are tired of them, I believe this type of talk is not at all helpful in moving the conversation forward.<br /><br />Yes, this type of story does grab the headlines but the truth is why would anyone want to use these proposed forms of identification? Especially when there are methods available today that are proven to be practical, affordable and far less invasive. Also, whilst an ingested tablet may be able to identify you that isn’t the same as authenticating you, and in most scenarios we find ourselves in today, it isn’t just about proving that we are who we say we are, but also, that we have the permissions to do what we want to do. <div>
<br />So, I hope that in years to come it will be those who suggest such crazy ideas that are eating their words and not consuming passwords!<br /><br /><i>Author: Alissa Lang, <a href="http://www.winfrasoft.com/">Winfrasoft</a></i><div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<i><br /></i></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXZTQGpex9qI1p2E1WqLgAyvbwXWJ8jhVQMOJ9PKUZTzwIl16khjPRYxoan_IjPdoQTRyFS-aVY9YJnEeFGruO9ehdMTfLzimz9y5aHsi9pDodHMDM1y5AOgL_ZK6nfOEGUoOj3w-4Sy4o/s1600/Alissa+Lang+-+Winfrasoft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXZTQGpex9qI1p2E1WqLgAyvbwXWJ8jhVQMOJ9PKUZTzwIl16khjPRYxoan_IjPdoQTRyFS-aVY9YJnEeFGruO9ehdMTfLzimz9y5aHsi9pDodHMDM1y5AOgL_ZK6nfOEGUoOj3w-4Sy4o/s1600/Alissa+Lang+-+Winfrasoft.jpg" height="320" width="213" /></a></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<i><br /></i></div>
</div>
Posted by Graham Thatcher

Sharing Passwords on National Television (published 2015-04-22)
<div class="MsoNormal" style="background: white; text-align: left;">
<span style="line-height: 150%; text-align: justify;">A
few days ago I wrote about a recent survey which found employees would be
willing to sell their passwords. However, it now seems to be about giving them
away for free, by broadcasting them to the nation, in what turned out to be
perhaps one of the most ironic television interviews of the year.</span></div>
<div class="MsoNormal" style="background: white; text-align: left;">
<span style="line-height: 150%; text-align: justify;"><br /></span></div>
<div class="MsoNormal" style="background: white; text-align: left;">
<span style="line-height: 150%; text-align: justify;">You
may recall that the French broadcaster </span><a href="http://news.sky.com/story/1461492/is-supporters-hack-into-frances-tv5monde" style="line-height: 150%; text-align: justify;">TV5Monde
was the subject of a major hack</a><span style="line-height: 150%; text-align: justify;">, thought to be orchestrated by Islamic
State supporters, which caused the station to stop broadcasting for over three
hours. But, in what turned out to be an embarrassing interview with a reporter
to discuss the incident, a representative from the station could be seen
standing in-front of a wall plastered with notes revealing the passwords to
accounts such as the station’s Instagram, Twitter and YouTube channels.</span></div>
<div class="MsoNormal" style="background: white; text-align: left;">
<span style="line-height: 150%; text-align: justify;"><br /></span></div>
<div class="MsoNormal" style="background: white; text-align: left;">
<span style="line-height: 150%; text-align: justify;">Of
course, accidentally broadcasting passwords is very different from an employee
selling them, but the fact that they were placed on the wall in the first place
highlights the theme that employees do not see the significance of sharing and
disclosing passwords, even when an organisation is in the midst of recovering
from a severe cyber-attack. Secondly, the only reason that the passwords would
have been posted on the wall in the first place was clearly for convenience and
ease-of-use, as it means no-one needs to remember them.</span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<o:p></o:p></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
The
problem with passwords (well one of them) is the fact that for most people they
are perceived to be a barrier that is in the way of them getting to where they
want to go, and not an intrinsic and important security measure. So, it is
inevitable that employees will look to find ways to make the barrier smaller,
whether it is posting on the wall, displaying them on a post-it stuck to the
monitor, or making them as easy to remember as possible. <o:p></o:p></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
So,
to counteract this behaviour you need to educate employees as to the importance
of security, whether it is accessing the corporate network or the Twitter
account. After all, in the eyes of the media a data breach is a data breach.
Realistically, a hacker is unlikely to do much damage by gaining access to a
social network account, but the fallout and reputational impact can be immense
and hard to recover from.</div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
Furthermore,
you need to look at the password as a tool and ask: if people find them difficult
to remember, how can we make it easier? Or, could we do without them
altogether? Yes, this contradicts many calls to make passwords stronger and
more complex, but that has been said for many years now and it isn’t working.</div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
The
time has come for a new approach that makes it easy for employees to play their
part in keeping the organisation secure by removing the burden of remembering a
password. For more information check out <a href="http://www.pingrid.com/">PINgrid.</a></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<br /></div>
<br />
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
You
can read the full TV5Monde story and see the pictures (passwords have been
obscured) at: <a href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/tv5monde-hack-staff-accidentally-show-passwords-in-report-about-huge-cyberattack-10168475.html">http://www.independent.co.uk/life-style/gadgets-and-tech/news/tv5monde-hack-staff-accidentally-show-passwords-in-report-about-huge-cyberattack-10168475.html</a></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
Author: Alissa Lang, Winfrasoft</div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXZTQGpex9qI1p2E1WqLgAyvbwXWJ8jhVQMOJ9PKUZTzwIl16khjPRYxoan_IjPdoQTRyFS-aVY9YJnEeFGruO9ehdMTfLzimz9y5aHsi9pDodHMDM1y5AOgL_ZK6nfOEGUoOj3w-4Sy4o/s1600/Alissa+Lang+-+Winfrasoft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXZTQGpex9qI1p2E1WqLgAyvbwXWJ8jhVQMOJ9PKUZTzwIl16khjPRYxoan_IjPdoQTRyFS-aVY9YJnEeFGruO9ehdMTfLzimz9y5aHsi9pDodHMDM1y5AOgL_ZK6nfOEGUoOj3w-4Sy4o/s1600/Alissa+Lang+-+Winfrasoft.jpg" height="320" width="213" /></a></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<br /></div>
Posted by Graham Thatcher (http://www.blogger.com/profile/15653680880441678214)<br />
<br />
Would your employees sell their company passwords?<br />
Published 2015-04-17T09:26:00.001+01:00, updated 2015-04-17T09:28:35.224+01:00<br />
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">We
have too many passwords, it is tough to remember all of them, they are not as
secure as we would hope (regardless of how ‘strong’ they are) and it costs IT
helpdesks a small fortune to handle the constant stream of reset requests.
These are all familiar pain-points of the password, but if a new survey is to
be believed it would seem that organisations need to watch their back, as one
in seven employees are willing to sell their passwords for as little as $150.</span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">This
was the finding of a <a href="https://www.sailpoint.com/news/marketpulsesurvey-passwords">global survey</a> conducted by the identity management company
SailPoint earlier this year. This says two things to me. The first is that
organisations need to better educate their employees as to the ramifications of
a security breach, as I am sure many people are naïve to what a determined
criminal can accomplish with one single password. Secondly, if people could be
tempted to disclose their password for such a relatively small sum of money, we
as security professionals need to take a close look at how we can remove the
temptation.</span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">It
is often said that the human factor is the weakest link in the security
chain. So clearly, the most obvious way to stop corporate passwords being sold
is to remove the need for people to have them in the first place. After all, if
you don’t have it you can’t sell it! You may say “Easier said than done” but in
truth it is simple.</span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">The
ubiquity of passwords has for too long made IT departments and security
professionals wary of replacing them. This is coupled with the fact that the
available alternatives, such as biometrics, have been accompanied by hefty
price tags, challenging roll-outs and resource-intensive management. However, new
solutions such as <a href="http://www.pingrid.com/">PINgrid</a> are taking the elements of password-based
security that work well and replacing those that don’t.</span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 150%;">So,
if you are an employee you still log in using a passcode, but it is a
one-time-code generated from a pattern that you have memorised within a simple
grid (either displayed on-screen, or via an app on a mobile device). Of course
an employee could sell their pattern, but it would be worthless as the digits
within it are never repeated in the same sequence. Therefore, they would also
have to sell their device along with it and I don’t know anyone who would be
willing to be parted from their phones (whether their own device or a
corporate-owned one) for a few minutes, let alone sell it (apps intact) to a total
stranger!</span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Author: Alissa Lang, <a href="http://www.winfrasoft.com/">Winfrasoft</a></span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXZTQGpex9qI1p2E1WqLgAyvbwXWJ8jhVQMOJ9PKUZTzwIl16khjPRYxoan_IjPdoQTRyFS-aVY9YJnEeFGruO9ehdMTfLzimz9y5aHsi9pDodHMDM1y5AOgL_ZK6nfOEGUoOj3w-4Sy4o/s1600/Alissa+Lang+-+Winfrasoft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXZTQGpex9qI1p2E1WqLgAyvbwXWJ8jhVQMOJ9PKUZTzwIl16khjPRYxoan_IjPdoQTRyFS-aVY9YJnEeFGruO9ehdMTfLzimz9y5aHsi9pDodHMDM1y5AOgL_ZK6nfOEGUoOj3w-4Sy4o/s1600/Alissa+Lang+-+Winfrasoft.jpg" height="320" width="213" /></a></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 150%; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; mso-outline-level: 1; text-align: justify;">
<br /></div>
Posted by Graham Thatcher<br />
<br />
Why I Want To Bank on My Brain and not Biometrics<br />
Published 2015-03-18T17:37:00.000+00:00, updated 2015-03-18T17:37:47.149+00:00<br />
<br />
In an article published today by Infosecurity Magazine, Alissa Lang from <a href="http://www.winfrasoft.com/">Winfrasoft</a> explains how many banks are moving away from passwords by introducing or trialling biometrics. However, Alissa puts forward a strong argument that they do not have a place in authenticating customers, stating "I want to use my brain when I bank, and not a biometric."<br />
<br />
You can read the full story at: <a href="http://www.infosecurity-magazine.com/opinions/why-i-want-to-bank-on-my-brain-and/">http://www.infosecurity-magazine.com/opinions/why-i-want-to-bank-on-my-brain-and/</a><br />
<br />
<br />
Posted by Graham Thatcher<br />
<br />
The Importance of SME Security in the Supply Chain<br />
Published 2015-03-03T16:19:00.000+00:00, updated 2015-03-03T16:26:39.031+00:00<br />
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
In Europe two
out of every three employees are employed by SME organisations. However, when
the topic of security and cybercrime is being discussed you would be forgiven
for thinking that these businesses are in the minority, as the media (and to a
large extent the vendors) focus on larger and wealthier enterprises.</div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
It would be fair
to say that for the majority of SMEs security issues do not feature heavily in
their day-to-day thinking. After all, they are focused on running their revenue
generating operations and why would they worry about issues that seemingly only
ever happen to the ‘big boys’? And even if they do appreciate the risks, few
have the time to keep abreast of the latest threat landscape and ways to
safeguard against them.</div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
The problem,
however, is that cybersecurity is very much an issue for SMEs and the impact can be
devastating. For one of those large organisations that hit the headlines it can
inflict harm on their brand reputation if not managed correctly and it can cost
many millions of pounds to resolve, as well as impacting the bottom line, but
by and large they have the resources and infrastructure to bounce back. For a
vulnerable SME a basic ransomware attack could spell the end of their business.</div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
Of course, some
of these attacks on high profile organisations are targeted, and the owner of
an SME may counter with the question ‘Why would a cybercriminal be interested
in me?’ To answer that question, take a moment to think like a criminal. They
specialise in finding weak links. Some will be opportunistic and see an open
door, or window, with a wallet left on the table unguarded. Meanwhile, others will be far more calculated
in their approach. Your business may not be the ultimate target but you may
present the ‘open window’ through which they can get access to the organisation
that is tempting them with a big score! You are just collateral damage. What is
more, that organisation you are supplying certainly won’t thank you.</div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
Going after the
weak link in the supply chain isn’t new (you may recall the now famous Lockheed
Martin incident back in 2011). For this reason supply chain security has moved
up the ICT agenda for large enterprises. So, for those SMEs who can demonstrate
that they will not be the weak link, it could well be the point of difference
that decides between winning a major contract and losing out to a competitor.</div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
Most SMEs do
have a basic level of protection, but for many the only time it is mentioned is
when the annual renewal of the anti-virus software comes around.</div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
In today’s world
of multiple always-on, always-connected devices it is the password that
provides the first line of defence. Get hold of a password and all too often
the cybercriminal has the keys to the candy store – confidential information,
contracts and contacts, passwords and access to systems,
and in some instances that can include third parties!</div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
The challenge
for an SME, and especially those on the larger side of the spectrum, is being
able to manage passwords adequately. When someone creates a password they do so
because they think they will remember it, not because they think it will be
secure. Enforce more complex or so-called ‘strong’ passwords and the cost of
constant reset requests will go up. Worse still, so does the likelihood that
they will be written down on a Post-It note and stuck on the side of a monitor
(insider attacks can and do happen). Ask them to change their passwords
frequently and it will inevitably be a variation on the same theme, so
DavidSmith1! becomes DavidSmith2!</div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
Large
security-conscious organisations (and I stress that not all of them are) invest in
additional layers of security, such as key-ring tokens and even biometrics, but
they introduce complexity, are expensive, are resource intensive to manage and
out of reach for most SMEs. What is more, many of them will revert to
password-based authentication if they fail! However, thankfully there is a new
breed of innovative and affordable software-based solutions on the market that
can give small and large organisations alike the same calibre of first-line
defence, replacing passwords without massive change, closing what has until now
been an easy door to walk through for the determined cybercriminal.</div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
If you would
like to learn more about how to safeguard your supply chain visit: <a href="http://www.pingrid.com/">www.pingrid.com</a></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
Author: Steven Hope, CEO of Winfrasoft</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMlLYkrA-s7DS0LtW4ZLRGngZL1Zeu-v3MR7LbBTlSIZOtfubHHxwZdPejLuc6VQ_ytar3Wuxl0L0i9a1fRfg16TtqYlKC1qUl6nM_xHoEjRXtz4w3Ebv4Fqb_Q7ICtZbHKWV0eNS7qtSq/s1600/Steven+Hope.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMlLYkrA-s7DS0LtW4ZLRGngZL1Zeu-v3MR7LbBTlSIZOtfubHHxwZdPejLuc6VQ_ytar3Wuxl0L0i9a1fRfg16TtqYlKC1qUl6nM_xHoEjRXtz4w3Ebv4Fqb_Q7ICtZbHKWV0eNS7qtSq/s1600/Steven+Hope.jpg" height="320" width="320" /></a></div>
<div class="MsoNormal" style="line-height: 115%; text-align: justify;">
<br /></div>
Posted by Graham Thatcher<br />
<br />
Would you use Touch ID for your mobile banking?<br />
Published 2015-02-18T14:43:00.002+00:00, updated 2015-04-17T14:28:05.290+01:00<br />
<div class="MsoNormal">
You will likely have seen the news that <a href="http://www.bbc.co.uk/news/technology-31508932">RBS and Nat West are planning to use Apple's Touch ID</a>. On the face of it, it would seem to make perfect sense to make
use of this latest innovation in smartphone technology; however, in my opinion Touch ID for banking is not a good idea.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Firstly, when this technology was
launched it was hacked within days and with relative ease, and that was not a
big surprise. After all, it simply isn’t commercially viable to place
high-quality biometrics technology on a mass-market consumer device costing a
few hundred pounds.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
I myself am an iPhone user and stopped using Touch ID when
I challenged a friend over dinner to get access to my device. It wasn’t until I
got home later in the evening that I realised he had succeeded in changing some
of my settings.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
We do need to move away from passwords and what they are
replaced with must strike a balance between delivering security and usability
if they are going to become ubiquitous. For me, whilst this latest news from RBS
and Nat West is a great headline grabber, it is ultimately the latest gimmick
on the biometrics bandwagon.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" height="320" width="213" /></a></div>
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
Posted by Unknown<br />
<br />
Would you give your password to a stranger with a camera?<br />
Published 2015-01-21T13:34:00.001+00:00, updated 2015-04-17T14:28:55.750+01:00<br />
<div class="MsoNormal" style="background-color: white;">
We have been saying for years that one of the biggest problems with password security (if you can call it that) is that every time you use it, you give away your secret, meaning it is no longer a secret and no longer secure!</div>
<div class="MsoNormal" style="background-color: white;">
<br /></div>
<div class="MsoNormal" style="background-color: white;">
This week the Mirror has published online a video taken from the Jimmy Kimmel show in the US that, whilst very amusing, hits home with a very strong message - passwords are simply not secure. </div>
<div class="MsoNormal" style="background-color: white;">
<br /></div>
<div class="MsoNormal" style="background-color: white;">
Take a look at: <a href="http://www.mirror.co.uk/news/technology-science/technology/would-you-tell-stranger-your-5005351">http://www.mirror.co.uk/news/technology-science/technology/would-you-tell-stranger-your-5005351</a> </div>
<div class="MsoNormal" style="background-color: white;">
<br /></div>
<div class="MsoNormal" style="background-color: white;">
Author: Alissa Lang, Winfrasoft</div>
<div class="MsoNormal" style="background-color: white;">
<br /></div>
<div class="MsoNormal" style="background-color: white;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" height="320" width="213" /></a></div>
<br /></div>
Posted by Unknown<br />
<br />
Winfrasoft To Reassess How Assets And Information Can Be Secured At Info-Crime Summit In London<br />
Published 2014-11-03T16:01:00.002+00:00, updated 2015-02-27T15:47:19.710+00:00<br />
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.winfrasoft.com/">Winfrasoft</a> will be helping more than 200 heads of security to move away from password-based protection at the <a href="http://www.info-crime.com/">Info-Crime Summit</a>. The company behind the award-winning <a href="http://www.pingrid.com/">PINgrid</a> is sponsoring and participating in the event, which takes place in London on 25th and 26th November.</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Steven Hope, CEO of Winfrasoft, will host a 40-minute boardroom session which will open with a brief history of the password, a candid review of what passwords are good and bad for, a discussion around the inherent flaws of password protection in today’s world and practical measures that can be taken to solve them. Hope states: </span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><i><br /></i></span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><i>“Archaic password-based systems underpin most of today’s authentication and often it is the only line of defence. Now is the time to reassess how assets and information are secured from the ground up, with the help of the latest technology innovations.”</i></span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Winfrasoft is a <a href="http://fidoalliance.org/">FIDO Alliance</a> member, Microsoft Certified partner in Security &amp; Identity and embedded systems, and contributing member of OATH, so is ideally placed to provide information security professionals attending the Info-Crime Summit with the information and tools needed, in order to respond to the surge in dissatisfaction and disillusionment surrounding password-based authentication.</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVwZAZFZ0cLvoDSOj-Xj71a3aq6XMFprGgiZa-Z6Me06Gmbm3KJ0rc3SYBmkluRkrqzSwHuFzfl-wvd22k63CDawaYX7WDeAMB1UTFjAMjxWqZ_RXThd1k_1OF7H3wy0GmfIf78OPBBfo6/s1600/Winfraoft+PINgrid.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVwZAZFZ0cLvoDSOj-Xj71a3aq6XMFprGgiZa-Z6Me06Gmbm3KJ0rc3SYBmkluRkrqzSwHuFzfl-wvd22k63CDawaYX7WDeAMB1UTFjAMjxWqZ_RXThd1k_1OF7H3wy0GmfIf78OPBBfo6/s1600/Winfraoft+PINgrid.png" height="200" width="166" /></a><span style="font-family: Arial, Helvetica, sans-serif;">The company will also be demonstrating its award-winning <a href="http://www.pingrid.org/">PINgrid</a> authentication solution. It uses a 6x6 number grid that can be presented to the user on-screen, or on their smart device via an app. The user simply creates a memorable pattern (from a possible 2.1 billion different combinations) and then each time they wish to log on to a site protected by PINgrid they use this pattern to extract a one-time code (OTC) from the numbers on the grid. Furthermore, as PINgrid is kept separate from the login screen it safeguards against keylogging, screen scraping, fingerprint smudges and shoulder surfing.</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<b style="font-family: Arial, Helvetica, sans-serif;">For more information about the Info-Crime Summit visit: <a href="http://www.info-crime.com/">http://www.info-crime.com/</a></b></div>
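The pattern-on-a-grid login described in this post and in "Would your employees sell their company passwords?" can be modelled as below; this is an added example, not Winfrasoft's code or PINgrid's actual algorithm. The HMAC-based grid derivation, the six-cell pattern (chosen because 36^6 is roughly the 2.1 billion quoted), the counter, the lockout threshold and every name and sample value are assumptions made for illustration.

```python
"""Pattern-on-a-grid one-time codes: an illustrative model, not PINgrid's algorithm."""
import hashlib
import hmac

GRID_SIDE = 6                      # 6x6 number grid, as described in the post
CELLS = GRID_SIDE * GRID_SIDE      # 36 cells
PATTERN_LEN = 6                    # assumption: 36**6 is about 2.1 billion
MAX_FAILURES = 5                   # assumption: lockout threshold

# Constructed sample values (not real secrets).
SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
PATTERN = (0, 7, 14, 21, 28, 35)   # the grid's main diagonal


def pattern_space():
    """Number of ordered six-cell patterns when a cell may be reused."""
    return CELLS ** PATTERN_LEN


def make_grid(seed, counter):
    """Derive the 36 grid digits for one login attempt from seed and counter."""
    digits = []
    block = 0
    while len(digits) < CELLS:
        msg = counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        for byte in hmac.new(seed, msg, hashlib.sha256).digest():
            # Rejection sampling: bytes 250..255 are skipped to avoid modulo bias.
            if byte < 250 and len(digits) < CELLS:
                digits.append(byte % 10)
        block += 1
    return digits


def check_pattern(pattern):
    """Validate a pattern: exactly six cell indices, each in 0..35."""
    if len(pattern) != PATTERN_LEN or any(not 0 <= c < CELLS for c in pattern):
        raise ValueError("pattern must be six cell indices in 0..35")
    return tuple(pattern)


def read_code(grid, pattern):
    """What the user does: read the digits under the memorised cells."""
    return "".join(str(grid[c]) for c in check_pattern(pattern))


class Verifier:
    """Server side: holds the device seed and the enrolled pattern."""

    def __init__(self, seed, pattern):
        self.seed = seed
        self.pattern = check_pattern(pattern)
        self.last_counter = -1
        self.failures = 0

    def verify(self, counter, code):
        if self.failures >= MAX_FAILURES:
            return False           # locked: a six-digit code is guessable
        if counter <= self.last_counter:
            return False           # grid already used: replayed code rejected
        expected = read_code(make_grid(self.seed, counter), self.pattern)
        if hmac.compare_digest(expected.encode(), code.encode()):
            self.last_counter = counter
            self.failures = 0
            return True
        self.failures += 1
        return False


def demo():
    """Return (first login accepted, replay accepted, other seed gives other grid)."""
    server = Verifier(SEED, PATTERN)
    code = read_code(make_grid(SEED, 1), PATTERN)
    first = server.verify(1, code)
    replay = server.verify(1, code)
    # A disclosed pattern without the device seed is applied to the wrong grid.
    differs = make_grid(b"not-the-enrolled-device", 2) != make_grid(SEED, 2)
    return first, replay, differs


if __name__ == "__main__":
    print(pattern_space(), demo())
```

The lockout matters because the code itself is only six digits long: the size of the pattern space does not limit guessing of the code, so the verifier has to.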
Posted by Unknown<br />
<br />
Passing Comment on Passwords (Part Four)<br />
Published 2014-10-28T14:57:00.006+00:00, updated 2015-02-27T15:48:04.882+00:00<br />
<div class="MsoNormal" style="line-height: 150%; text-align: left;">
<span style="font-family: Arial, sans-serif; line-height: 150%; text-align: justify;">A recent </span><a href="http://www.telegraph.co.uk/technology/11175542/Now-change-internet-passwords-every-two-months.html" style="line-height: 150%; text-align: justify;"><span style="font-family: "Arial","sans-serif";">article in The Telegraph</span></a><span style="font-family: Arial, sans-serif; line-height: 150%; text-align: justify;"> reported that this year 110 million
pieces of data have already been illegally sold, representing a 300 percent
rise since 2012. This data mostly consists of login credentials, essentially meaning
username and password details.</span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";"><br /></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";">Of course, the same advice is wheeled
out, encouraging everyone to be more diligent and to change passwords more
frequently. But personally, I do not have a free evening every two weeks that I
can dedicate to changing every password on every online account I have!
Meanwhile, Facebook is busy </span><a href="http://www.dailymail.co.uk/sciencetech/article-2800093/facebook-hunts-stolen-passwords-site-scours-web-credentials-hackers-accounts.html"><span style="font-family: "Arial","sans-serif";">scouring the web</span></a><span style="font-family: "Arial","sans-serif";"> to try and find out if our details
have been compromised. But I would prefer it if efforts were focused on
stopping it happening in the first place.</span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";"><br /></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";">Asking people to regularly change
passwords just isn’t feasible and we should have learnt by now that the
majority of us just won’t do it. Even if everyone did change their passwords
regularly, at best it would possibly
reduce the ‘quality’ of the data being bought and sold.</span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: Arial, sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: Arial, sans-serif;">Speaking
at the <a href="http://www.isse.eu.com/">Information Security Solutions Europe</a> (ISSE) conference in Brussels last
week the <span style="background: #F9F9F9;">Head of European Cybercrime Centre
(EC3), </span>Troels Oerting, commented </span><span style="font-family: "Arial","sans-serif";">that
most of the people who go online do not have a clue what they are getting into and someone needs to
protect them. Meanwhile, the former </span><span style="background: white; font-family: Arial, sans-serif; line-height: 150%;">Cyber-Security Coordinator of the Obama Administration</span><span style="font-family: Arial, sans-serif;">, Howard
</span><span style="font-family: "Arial","sans-serif";">Schmidt, advised that we
need better security to have fewer victims, but this makes it harder for people
to do their jobs.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";"><br /></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";">A recurring theme at the conference
was the fact that cybercrime still has the potential to deliver high profit
at low risk of being caught, especially as much of it is conducted across
national borders. So, all the while login credentials are easy pickings there
is no reason to expect this to change. The positive feedback I can report is
that there is much consensus among security professionals that we must move
away from passwords, with recognition for initiatives such as the FIDO Alliance
(of which Winfrasoft is a member), which is working to balance improved security with user
convenience. So, now the debate has moved on to how to achieve it.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";"><br /></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";"> Adding layers of security is one approach and
this week Google has been </span><a href="http://www.technologyreview.com/news/531926/a-physical-key-to-your-google-account/"><span style="font-family: "Arial","sans-serif";">introducing its new security key</span></a><span style="font-family: "Arial","sans-serif";">, which is essentially a hard-token
for 2FA. However, I suspect it won’t be on many people’s Christmas lists for two
reasons. The first is that it is a token and that means I will need to carry it
around with the other tokens I already have on my key ring. The second issue I
have is that it is a USB device and neither my smartphone nor my tablet (the two
devices that I tend to use the most for going online) has a USB port.</span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";"><br /></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";">I agree that adding layers of
complexity is important to thwart cybercriminals but if you make it more
complex for the user then you end up with paralysis. So, as smartphones and
tablets have become ubiquitous it is these devices that I strongly believe hold
the key (as opposed to the key ring token!). Placing the token on to these
devices adds convenience, as you always have it with you. Then, if you remove
the need for the user to remember a password and the requirement for the
organisation to store it, in my book you have a winning solution.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";"><br /></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "Arial","sans-serif";">To find out how this works in practice
take a look at PINgrid: </span><a href="http://www.pingrid.com/"><span style="font-family: "Arial","sans-serif";">www.pingrid.com</span></a><span style="font-family: "Arial","sans-serif";"><o:p></o:p></span></div>
<br />
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<i><span style="font-family: "Arial","sans-serif";"><br /></span></i></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<i><span style="font-family: "Arial","sans-serif";">Author:
Alissa Lang, Winfrasoft<o:p></o:p></span></i><br />
<i><span style="font-family: "Arial","sans-serif";"><br /></span></i></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" height="320" width="213" /></a></div>
<i><span style="font-family: "Arial","sans-serif";"><br /></span></i>
<i><span style="font-family: "Arial","sans-serif";"><br /></span></i></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<i><span style="font-family: "Arial","sans-serif";"><br /></span></i></div>
Winfrasoft Appliance update for SSL 3.0 POODLE attack (CVE-2014-3566)<br />
Published: 2014-10-23<br />
<div>
<span style="font-family: Trebuchet MS, sans-serif;">Winfrasoft is pleased to make available Winfrasoft Appliance Update 2.0 for all Winfrasoft appliances running Microsoft Forefront TMG, UAG and Winfrasoft AuthCentral. The update protects the appliance from the recently discovered vulnerability in the SSL 3.0 protocol and the POODLE attack (CVE-2014-3566) and further hardens the cryptographic configuration of the appliance.</span></div>
<div>
<span style="font-family: 'Trebuchet MS', sans-serif;">Detailed information and the download location of Winfrasoft Appliance Update 2.0 are available here: </span><a href="http://www.winfrasoft.com/support/kb/kb-42.aspx" style="font-family: 'Trebuchet MS', sans-serif;">http://www.winfrasoft.com/support/kb/kb-42.aspx</a></div>
<div>
<span style="font-family: Trebuchet MS, sans-serif;">All support enquiries should be emailed to <a href="mailto:support@winfrasoft.com">support@winfrasoft.com</a></span></div>
<div>
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Trebuchet MS, sans-serif;">The SSL 3.0 vulnerability is an industry-wide issue and is not restricted to a single vendor. </span><span style="font-family: 'Trebuchet MS', sans-serif;">Further information about the vulnerability and the attack is available here:</span></div>
<div>
<ul>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"><span style="font-family: Trebuchet MS, sans-serif;">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</span></a></li>
<li><a href="https://www.openssl.org/~bodo/ssl-poodle.pdf"><span style="font-family: Trebuchet MS, sans-serif;">https://www.openssl.org/~bodo/ssl-poodle.pdf</span></a></li>
</ul>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHVWH86fb6QpcyN8rAAvlMkdUs-1iYXkJOrs57Z1bbSnPwXtkQxH2hjtSMUajmPWz8ATDs5yI5pjkvBf2UEwhLhDBwtsMNTdbxA8IocrPaUjpiKBMUgQp4tngBt-5H57tX94ynbP9NedI/s1600/no_poodle.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHVWH86fb6QpcyN8rAAvlMkdUs-1iYXkJOrs57Z1bbSnPwXtkQxH2hjtSMUajmPWz8ATDs5yI5pjkvBf2UEwhLhDBwtsMNTdbxA8IocrPaUjpiKBMUgQp4tngBt-5H57tX94ynbP9NedI/s1600/no_poodle.png" height="200" width="180" /></a></div>
<div>
<br /></div>
Passing comment on passwords (Part three)<br />
Published: 2014-10-10 (updated 2015-02-27)<br />
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">The fallout from the celebrity iCloud hack continued this week with </span><a href="http://www.engadget.com/2014/10/09/apple-unique-passwords-third-party-apps/" style="font-family: Arial, Helvetica, sans-serif;">Apple announcing</a><span style="font-family: Arial, Helvetica, sans-serif;"> that it has added an extra layer of security. So, now if you are an Apple device user and have third party apps that connect to your iCloud (I suspect that will be many of you!) you now need to create a unique password for each app. However, we all know that if you have an Apple device you will have a lot of apps and many of these will be connected to your iCloud, so are we really going to create ‘unique’ passwords for each? I suspect what will happen is that people will use the same password for every app, and therein lies the big problem with passwords in general.</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Today, passwords underpin security. Businesses use passwords in an attempt to add security. For those of us who use them (essentially everyone), security is of course important, but we typically put the emphasis on convenience. Meanwhile, the cybercriminal is on the hunt for them.</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">In an </span><a href="http://news.sky.com/story/1350006/revealed-super-safe-online-password-system" style="font-family: Arial, Helvetica, sans-serif;">article published by Sky News</a><span style="font-family: Arial, Helvetica, sans-serif;">, researchers at Carnegie Mellon University in the US think that they have found the secret formula to creating and remembering up to 14 complex passwords. It suggests that you use a person, an action and an object to create a password, for example ‘Bill Gates rowing teacup’ or ‘Steve Jobs tasting cheese’ (these are all words that were used in the research). We have had fun playing around with the idea but I can’t see it catching on. I have more than 14 accounts that require passwords, many of them require the use of numbers and non-alphabet characters, and some have a specific character limit which means it simply wouldn’t work. But first and foremost I do not want to spend my day trying to remember if ‘Tiger Woods sheering hen’ or ‘Luke Skywalker juicing owl’ is my Facebook, Amazon or LinkedIn password! And then, if I get that bit right, did I add an uppercase letter and exclamation mark at the end in order to satisfy the need to make it supposedly ‘strong’?</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">The truth is that until we address the imbalance between security and convenience all that is ever being done is papering over the cracks. The fact that academics at Carnegie Mellon University even deemed such research necessary highlights just how crazy the concept of password management has become in our modern lives. What is more, none of this takes into account the fact that no matter how long and convoluted you make a password, if it is stored somewhere (and you can be sure an organisation has your password as you disclose it every time you log on or transact) then it is vulnerable to theft and abuse.</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">If you want to learn more about how passwords are past it then we will be demonstrating </span><a href="http://www.pingrid.com/" style="font-family: Arial, Helvetica, sans-serif;">PINgrid</a><span style="font-family: Arial, Helvetica, sans-serif;"> at GITEX Technology Week in Dubai next week. We will be in hall 3 and on stand C3.</span></div>
<div style="text-align: justify;">
<i style="font-family: Arial, Helvetica, sans-serif;"><br /></i></div>
<div style="text-align: justify;">
<i style="font-family: Arial, Helvetica, sans-serif;">Author: Alissa Lang, Winfrasoft</i><br />
<i style="font-family: Arial, Helvetica, sans-serif;"><br /></i>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" height="320" width="213" /></a></div>
<i style="font-family: Arial, Helvetica, sans-serif;"><br /></i></div>
<br />
<span style="font-family: Arial, Helvetica, sans-serif;"><i><br /></i></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Arial, Helvetica, sans-serif;"><i><br /></i></span>Passing comment on passwords (Part two)<br />
Published: 2014-09-26 (updated 2015-02-27)<br />
<div class="MsoNormal" style="line-height: 150%; tab-stops: 105.75pt; text-align: justify;">
<span style="font-family: Arial, sans-serif; line-height: 150%;">I
very much like the idea of needing to remember just one secret that I can use
to log on to all of my online services, so the concept of a password manager is
in many ways very appealing. However, this week I was not at all surprised to
read that a </span><a href="http://www.eecs.berkeley.edu/Pubs/TechRpts/2014/EECS-2014-138.pdf" style="line-height: 150%;"><span style="color: windowtext; font-family: "Arial","sans-serif"; mso-bidi-font-style: italic; mso-bidi-font-weight: bold; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB;">UC Berkeley report</span></a><span style="font-family: Arial, sans-serif; line-height: 150%;">
has found five popular password managers contained critical vulnerabilities.</span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; margin-bottom: .0001pt; margin-bottom: 0cm; mso-outline-level: 4; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 150%; margin-bottom: .0001pt; margin-bottom: 0cm; mso-outline-level: 4; text-align: justify;">
<span style="font-family: "Arial","sans-serif"; mso-bidi-font-style: italic; mso-bidi-font-weight: bold; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB;">My
problem with this type of solution is the fact that every single one I have
investigated to date uses a password at the front end! Yes, it is true that this
approach means you only need to remember just one password, so one major
bugbear of password usage has been nullified. But if someone cracks that code,
then they now have access to all your accounts, meaning halcyon days for the identity
thieves and fraudsters out there.<o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; margin-bottom: .0001pt; margin-bottom: 0cm; mso-outline-level: 4; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 150%; margin-bottom: .0001pt; margin-bottom: 0cm; mso-outline-level: 4; text-align: justify;">
<span style="font-family: "Arial","sans-serif"; mso-bidi-font-style: italic; mso-bidi-font-weight: bold; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB;">Meanwhile,
it seems that not a day goes by without the revelation of a new biometric innovation
that is heralded as the next big thing in authentication. We have had
fingerprints, palm vein, voice and facial recognition, and now in a </span><a href="http://time.com/3393329/heartid-heart-rhythm-password/"><span style="color: windowtext; font-family: "Arial","sans-serif"; mso-bidi-font-style: italic; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB;">story
published online by Time</span></a><span style="font-family: "Arial","sans-serif"; mso-bidi-font-style: italic; mso-bidi-font-weight: bold; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB;"> it seems we can now all
be identified by our heart rhythm using an </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Arial, sans-serif;">ECG-authenticating wristband.
Authentication in a heartbeat if you will! <o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; margin-bottom: .0001pt; margin-bottom: 0cm; mso-outline-level: 4; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 150%; margin-bottom: .0001pt; margin-bottom: 0cm; mso-outline-level: 4; text-align: justify;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Arial, sans-serif;">However, in an
article published by the Washington Post entitled ‘</span><a href="http://www.washingtonpost.com/blogs/the-switch/wp/2014/09/22/we-know-the-password-system-is-broken-so-whats-next/"><span style="color: windowtext; font-family: "Arial","sans-serif"; mso-bidi-font-weight: bold;">We know the password system is broken. So what’s next?</span></a><span style="font-family: "Arial","sans-serif"; mso-bidi-font-weight: bold;">’</span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Arial, sans-serif;"> </span><span style="font-family: "Arial","sans-serif";">Hayley Tsukayama <span class="apple-converted-space">takes a closer look at the viability of using some
of the mainstream biometrics as an alternative to passwords. Having experienced
biometrics first-hand (I once lived in South Africa in a gated community) I am
very dubious about their effectiveness. When I first moved in we were issued with
a card to gain access, but these were soon replaced by fingerprint readers and
they often failed. As a result the security guard on duty would check to see if
he recognised me and would then use his fingerprint to open the gate. My point
is that if a biometric fails, what do you do? And therefore biometrics will
only ever be as strong as the back-up you have in place. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; margin-bottom: .0001pt; margin-bottom: 0cm; mso-outline-level: 4; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 150%; margin-bottom: .0001pt; margin-bottom: 0cm; mso-outline-level: 4; text-align: justify;">
<span class="apple-converted-space"><span style="font-family: "Arial","sans-serif";">Meanwhile,
amongst the masses of news stories bemoaning passwords an </span></span><a href="http://www.darkreading.com/operations/in-defense-of-passwords/a/d-id/1315719"><span style="color: windowtext; font-family: "Arial","sans-serif";">article published on DARKReading</span></a><span style="font-family: "Arial","sans-serif";"> by Corey Nachreiner stands out like a
sore thumb as he bravely puts a case for the defence of passwords. He argues
that if you adhere to best practice you are likely to be OK. He may have a
point, but the problem with this approach is that it means creating many
different and complex passwords for each of the online resources that you use,
and that brings us back to the reason password managers have grown in
popularity!<o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: 150%; margin-bottom: .0001pt; margin-bottom: 0cm; mso-outline-level: 4; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 150%; margin-bottom: .0001pt; margin-bottom: 0cm; mso-outline-level: 4; text-align: justify;">
<span style="font-family: "Arial","sans-serif"; mso-fareast-language: EN-GB;">A password
manager that doesn’t rely on a password would be an immense step in the right
direction in marrying convenience with security. <o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<br />
<div class="MsoNormal">
<i><span style="font-family: "Arial","sans-serif"; mso-fareast-language: EN-GB;">Author:
Alissa Lang, Winfrasoft<o:p></o:p></span></i></div>
<div class="MsoNormal">
<i><span style="font-family: "Arial","sans-serif"; mso-fareast-language: EN-GB;"><br /></span></i>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" height="320" width="213" /></a></div>
<i><span style="font-family: "Arial","sans-serif"; mso-fareast-language: EN-GB;"><br /></span></i></div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<div class="MsoNormal">
<i><span style="font-family: "Arial","sans-serif"; mso-fareast-language: EN-GB;"><br /></span></i></div>
Passing comment on passwords<br />
Published: 2014-09-12 (updated 2015-02-27)<br />
<div class="MsoNormal">
<span style="font-family: Arial, Helvetica, sans-serif;">In the last few weeks passwords have been making headlines for all the wrong reasons. The leaked compromising photos of Jennifer Lawrence and other celebrities were front page news, after they apparently fell foul of having ‘weak’ passwords to protect their iCloud accounts. This news has prompted an outpouring of advice from experts, telling people how to go about creating ‘strong’ passwords. In contrast <a href="http://www.theregister.co.uk/2014/09/04/scared_of_password_brute_force_microsoft_says_just_give_up/">The Register published a story</a> in which Dinei Florencio and Cormac Herley rubbish the very concept of strong passwords.<br /><br />Last week Google announced an <a href="http://www.computerworld.com/article/2602955/security0/google-updates-chromes-built-in-password-maker.html">update to its password generator</a> that creates passwords for you and this may prove to be very useful, given that on Wednesday it was reported that <a href="http://www.bankinfosecurity.com/5-million-google-passwords-leaked-a-7299">five million Google passwords have been leaked</a> on Russian cybercrime forums.<br /><br />Meanwhile, Yahoo has shared the <a href="https://www.yahoo.com/tech/here-are-500-passwords-you-probably-shouldnt-be-using-96467697789.html">500 passwords that you should not use</a> (take a look and see if you have any of them). In contrast an <a href="http://uk.pcmag.com/feature/35518/tips-for-sharing-passwords">article published by PC Magazine</a> suggests that: “There are safe and secure ways to share passwords, and as long as you're doing it properly, it's a perfectly acceptable practice.” I would argue that the exact opposite is true. 
A password is a secret!<br /><br />There are certainly a lot of mixed messages and advice but the cold hard truth is that passwords are not secure, and even if you are diligent and try to make a password as complicated as possible it is still vulnerable, as a story published on Tuesday by <a href="http://www.dailymail.co.uk/sciencetech/article-2749108/Undetectable-Peter-Pan-virus-hits-thousands-Malware-disguised-pantomine-tickets-steal-passwords.html">The Daily Mail</a> highlights. The cybercrime attack involved people being sent an email invoice regarding the upcoming Peter Pan pantomime in Bournemouth. When the recipient clicks on the message it installs a virus that could potentially steal passwords and other information. <br /><br />As I have said before a password is supposed to be a secret. But a secret is no longer a secret if you tell someone, write or type it, if you are overheard (literally or virtually) saying it, or it is stolen, and this makes the things we use passwords to safeguard vulnerable to those who want to exploit or extort us.<br /><br />This week I would like to leave you with a comment from Eugene Kim published by <a href="http://www.businessinsider.com/authy-is-trying-to-kill-passwords-2014-9">Business Insider</a> in which he says “If there’s anything good that came out of last week’s iCloud leak, it’s that more people are aware of two-factor authentication now.” I couldn’t agree more, but I would suggest taking a close look at PINgrid! <br /><br /><i>Author: Alissa Lang, Winfrasoft</i></span></div>
<div class="MsoNormal">
<i style="line-height: 150%; text-align: justify;"><span style="background: white; font-family: Arial, sans-serif;"><br /></span></i></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNormal">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhisxSyjvXh7fulzGsECTlKPKO3CSo073ZSVUxkR5Hr_E45EaF-PxjZ4fvhgayGIdWcfTMBDIstx4chcZRsX84b1klWsLaCiFRDkTKPZKVUFnS8bLDFbJF39byfFOY6Nn9seSOoyXHsbiYn/s1600/Alissa+Lang+-+Winfrasoft.jpg" height="320" width="213" /></a></div>
<i style="line-height: 150%; text-align: justify;"><span style="background: white; font-family: Arial, sans-serif;"><br /></span></i></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNormal">
<i style="line-height: 150%; text-align: justify;"><span style="background: white; font-family: Arial, sans-serif;"><br /></span></i></div>
Winfrasoft to Showcase PINgrid the Password Alternative At GITEX Technology Week<br />
Published: 2014-09-03 (updated 2015-02-27)<br />
<div class="separator" style="clear: both; text-align: justify;">
<b style="font-family: Arial, Helvetica, sans-serif;">BRACKNELL, UK -</b><span style="font-family: Arial, Helvetica, sans-serif;"> </span><a href="http://www.winfrasoft.com/" style="font-family: Arial, Helvetica, sans-serif;">Winfrasoft</a><span style="font-family: Arial, Helvetica, sans-serif;"> will be showing visitors to GITEX Technology Week how its award-winning pattern-based authentication solution, PINgrid, is making passwords a thing of the past. The authentication company will be on stand C3-1C at the Dubai World Trade Centre from the 12th to the 16th of October. </span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"></span><br />
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
<div style="text-align: justify;">
The PINgrid solution is attracting widespread attention from the banking, payments, healthcare and retail communities around the world, as a cost-effective way to replace traditional hard-tokens and to remove the negative impact of the barriers passwords put in the way of accessing online services and corporate networks. To demonstrate the effectiveness of PINgrid, Winfrasoft will run a week-long challenge at GITEX Technology Week.</div>
<div style="text-align: justify;">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVwZAZFZ0cLvoDSOj-Xj71a3aq6XMFprGgiZa-Z6Me06Gmbm3KJ0rc3SYBmkluRkrqzSwHuFzfl-wvd22k63CDawaYX7WDeAMB1UTFjAMjxWqZ_RXThd1k_1OF7H3wy0GmfIf78OPBBfo6/s1600/Winfraoft+PINgrid.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVwZAZFZ0cLvoDSOj-Xj71a3aq6XMFprGgiZa-Z6Me06Gmbm3KJ0rc3SYBmkluRkrqzSwHuFzfl-wvd22k63CDawaYX7WDeAMB1UTFjAMjxWqZ_RXThd1k_1OF7H3wy0GmfIf78OPBBfo6/s1600/Winfraoft+PINgrid.png" height="320" width="267" /></a></div>
<div style="text-align: center;">
<br /></div>
</div>
<div style="text-align: justify;">
Sales and Marketing Director at Winfrasoft, Alissa Lang, explains: “Anyone that visits our stand will have as many chances as they like to try logging in to a desktop that we have protected through PINgrid. If they can crack the code they walk away with a Microsoft Surface Pro 3.” The 8x8 number grid version of PINgrid has 68.7 billion pattern combinations, so to give people a chance Winfrasoft will be using the standard 6x6 grid configuration that contains just 2.1 billion different combinations! </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Lang adds: “Despite rigorous and regular penetration testing PINgrid has never been cracked. However, the real purpose of the challenge is to get people hands on with the solution and to demonstrate just how strong yet usable it is, whether it is implemented as a 1.5, 2 or even 3 factor authentication solution.” </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
With the PINgrid solution in place an organisation can present the grid-based challenge on-screen in 1.5FA format, or it can be used to transform any smartphone or tablet into a soft-token using the PINgrid app. The user sets the pattern of their choice and when they want to log in they simply type the numbers that feature in their grid pattern into the PIN box displayed on their laptop, desktop or mobile device screen. As the numbers are constantly changing, the code they enter changes.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
“Because the pattern is never revealed and the numbers are forever changing, PINgrid safeguards against common attacks such as keylogging, screen scraping and even shoulder surfing,” comments Lang. “In fact we will encourage visitors to carefully watch our team login and then try to do the same.” </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Winfrasoft’s attendance at GITEX Technology Week follows a highly successful exhibition of PINgrid at CeBIT in Germany at the invitation of the UKTI and Infosecurity Europe in London earlier this year. To learn more about PINgrid you can watch this short video: <a href="https://www.youtube.com/watch?v=YshA42jh5kg">https://www.youtube.com/watch?v=YshA42jh5kg</a> </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
For more information about GITEX Technology Week and to register visit: <a href="http://www.gitex.com/">www.gitex.com</a>. CEO of Winfrasoft, Steven Hope, will be available for briefing at the event; to schedule a meeting, contact Graham Thatcher on Tel: +44 (0) 2380 111 970 or Email: <a href="mailto:graham.thatcher@mccint.com">graham.thatcher@mccint.com</a>.</div>
</span>