Password Reset Archives - Ilantus Technologies

Passwords have been eating our brains


Over the last twenty years, authentication has been based primarily on three factors: something a person “knows”, “has” and “is”. This led to the emergence of authentication based on knowledge (passwords, PINs, images, patterns), devices (smartcards and USB tokens, OTP, etc.) and biometric traits (biological and behavior-based systems).

The last five years have seen the emergence of a fourth factor: “risk-based authentication”. It can take into account a number of signals, such as user and network information, positive device identification and user profiling. Based on the status and information of these signals, the authentication system calculates a risk score. If the risk score exceeds a threshold, the level of authentication is elevated; otherwise, access is allowed with minimum authentication.

The FIDO (Fast IDentity Online) Alliance is a consortium launched in 2013 to address the issues caused by the lack of interoperability among authentication devices and the problems faced with password management. This technology is being increasingly used in risk-based authentication.
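The threshold decision described above can be sketched as follows. This is an added illustration, not code from any product: the signal names, weights, threshold and sample profile are assumptions, and a missing signal is scored as risky rather than ignored.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed weights and threshold, chosen for illustration only.
WEIGHTS = {
    "unknown_device": 50,     # no positive device identification
    "untrusted_network": 25,  # network information: source IP not in a known range
    "unusual_hour": 15,       # user profiling: outside the user's normal hours
    "new_country": 30,        # user profiling: country not seen before
}
STEP_UP_THRESHOLD = 40

@dataclass
class UserProfile:
    known_devices: set
    trusted_networks: list   # ipaddress network objects
    usual_hours: range       # UTC hours in which the user normally logs in
    usual_countries: set

@dataclass
class LoginAttempt:
    device_id: Optional[str]  # None when the client sent no device identifier
    source_ip: Optional[str]
    hour_utc: int
    country: Optional[str]

def risk_score(attempt, profile):
    """Return (score, reasons). A missing signal counts as risk (fail closed)."""
    reasons = []
    if attempt.device_id not in profile.known_devices:
        reasons.append("unknown_device")
    if attempt.source_ip is None or not any(
        ip_address(attempt.source_ip) in net for net in profile.trusted_networks
    ):
        reasons.append("untrusted_network")
    if attempt.hour_utc not in profile.usual_hours:
        reasons.append("unusual_hour")
    if attempt.country not in profile.usual_countries:
        reasons.append("new_country")
    return sum(WEIGHTS[r] for r in reasons), reasons

def required_auth(attempt, profile):
    """Elevate authentication only when the score exceeds the threshold."""
    score, reasons = risk_score(attempt, profile)
    return ("step_up" if score > STEP_UP_THRESHOLD else "minimum"), score, reasons

# Constructed sample data (documentation IP ranges, made-up device id).
PROFILE = UserProfile({"laptop-7f3a"}, [ip_network("198.51.100.0/24")],
                      range(7, 20), {"IN"})
```

Returning the list of reasons alongside the score lets the decision be logged and reviewed when a user is unexpectedly asked for a second factor.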

With major advances in authentication technology, the password-less world is finally knocking at our doors!

UBER got hacked

Ride-sharing technology company Uber concealed a hack that affected 57 million customers and drivers. The hack took place in 2016, and then-CEO Travis Kalanick reportedly was privy to the fact.

The hack was carried out by two perpetrators who were able to access a private GitHub coding site used by Uber software engineers. The hackers then accessed data stored on an Amazon Web Services account that handled computing tasks for the company, using login credentials they had been able to obtain. There they found an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company. The hackers were able to get 57 million names, email addresses and mobile phone numbers. The names and driver’s license numbers of around 600,000 drivers in the United States were also compromised.

What is emerging from many of the recent hacks is that the hacking happens as a chain of events. A person (mostly an employee of the company that gets hacked) also has accounts in other places that may not be so secure. The hacker picks up the login details, passwords and other credentials from those places and tries them out on the company account to get vital information. The hacking of Hillary Clinton’s campaign also happened that way: the hackers first got information from Gmail accounts, which obviously were not so secure. The recent hack at OneLogin followed a similar modus operandi.

This points to two things. First, managing the identity of the person is more important than just securing their company account. Second, hackers attack the weakest link in the chain to get vital clues that are then used to attack important accounts. In any case, it is important to secure the vital accounts through MFA (Multi-Factor Authentication) and strong password management.

OneLogin hacked: Raises questions on selection of SSO solutions

Password manager and single sign-on provider OneLogin recently got hacked. The company’s chief security officer, Alvaro Hoyos, said it is working with law enforcement. OneLogin believes that all customers served by its US data centers are affected and that customer data was potentially compromised.

It said: “Our review has shown that a threat actor obtained access to a set of keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US.”

The growing number of incidents of this kind clearly shows the need to review the following when selecting an SSO solution:

  • The data centers used by the intermediate hosts (if any) of the SSO solution provider.
  • Whether the SSO solution is to be used in the traditional “on-premises” mode rather than in cloud mode.
  • For information, ILANTUS uses only Microsoft Azure and no intermediate hosts. ILANTUS also provides both cloud and on-premises models.