Request a Demo
Welcome to the Cygilant Blog

Should You Switch from SMS-based Two-factor Authentication to U2F Fobs?

Posted by Trevan Marden on Aug 1, 2018

The quick answer is probably yes, wherever you can.

Google recently announced that since deploying physical security fobs to all of its employees, none had been successfully phished on work-related accounts. Google also announced plans to introduce its own hardware fobs – the Titan Security Key, although they look suspiciously identical to those currently offered by Feitian. This may be the endorsement needed to force greater support for the U2F standard which employs a physical fob to generate authentication tokens as a second factor.

T-Mobile Port Out Scam Highlights Weakness in SMS-based Multi-Factor Authentication

Posted by Trevan Marden on Feb 9, 2018

As we have all likely heard, passwords are really not very secure these days; some would say they never have been. If you must use passwords, hopefully you take a few simple steps to make them more secure, such as making them long (12-30 characters) and complex (odd characters and no patterns). Perhaps you are using a generator to make them random and avoid dictionary words, pets’ or significant others’ names. If you’re striving for extra security you may have enabled second-factor authentication, to ensure you’ll receive a text, email, or other confirmation on a device you will likely have on you.

Is U2F the Answer to MFA?

Posted by Trevan Marden on Nov 8, 2017

It’s 2017 and while traditional password-based authentication is still widely used, security experts have long realized that traditional passwords are not enough to keep malicious intruders out. Even with requirements for password length, sophisticated complexity, and frequent changes, even the best password is still only one piece of information that’s required to gain access. 

Multi-factor Authentication: Shifting the Point of Failure?

Posted by Trevan Marden on Aug 25, 2017

Multi-factor authentication is often pointed to as a great step in increasing security for account access. In addition to your password, “something you know,” you’ll also need access to your cell phone, “something you have.” For example, if you enable two-factor authentication for a Google account, when you try to log in with your password from a new computer or other device, Google will send a text to your cell phone with a code you’ll need to enter on the login screen to verify that along with having the correct password, you also have physical access to the associated cell phone for the account. However, problems arise if your access to your cell phone is compromised.

Fear (Multi-)Factor

Posted by John Linkous on Mar 27, 2017

During the early-to-mid 2000’s, the NBC network aired a successful reality television show called “Fear Factor.”  In that show, contestants competed by attempting a broad range of terrifying stunts, eating grotesque foods, and a range of other activities designed to exploit their innate fears.  The contestants, one assumes, had weighed the value of the show’s prize against the risks of the unknown, and decided to participate in the hopes of gaining the $50,000 top prize.

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Request a Demo

Most Popular Posts

Posts by Topic

See All