When looking at identity security solutions for your organization, you may find that many vendors offer native multi-factor authentication (MFA - also known as 2-factor authentication, or 2FA). When presented with the ability to do this by the app in question, why would you look at any other solutions? This is especially true when the product in question offers what seems to be "good enough" protection in the first place.
Today, we are excited to announce that SecureAuth and Core Security are merging to become one company. Core Security is a leader in vulnerability discovery, identity governance, and threat management, which is highly complementary to the identity security technology SecureAuth pioneered and continues to be a leader in today. Together, our mission is to accomplish what no other security technology vendor can claim: Secure the enterprise across all major threat vectors with an identity-based approach to the attack lifecycle.
The news of the massive Equifax data breach broke last week, and the collective shrug of yet-another-data-breach was deafening. The fact that it happened to a credit reporting service that is known for offering identity protection in the wake of other people’s data breaches is ironic, but beyond that, it’s just another in a string of data breaches that have impacted every American by this point.
Recently Troy Hunt released 320 million hashed passwords collected from breaches (https://haveibeenpwned.com/Passwords) so I thought I’d run an experiment on that data based on common password tweaking techniques. I wanted to see if I could find tweaked variations of a given password in Troy’s data set.
It’s 2017, and data breaches are occurring at a record pace. It’s no wonder, then, that Americans are becoming increasingly anxious about their online security. Our recent report with Wakefield Research says Americans are much more likely to be concerned with their online personal information being stolen (69 percent) than their wallet being stolen (31 percent).
If you’re an IT pro, you’re likely aware of the very real damage that can result from even one user’s credentials being compromised. Once attackers have a foothold in your systems, they can linger for months, steadily increasing their permissions until they find and steal your most valuable data. Many organizations are already working to strengthen their security posture for preventing the misuse of stolen credentials. But one very real risk is typically overlooked: the social and personal credentials of our end users.