Authentication on PCs: Recommendations from Security Experts

Authentication is an important part of working on a computer, whether logging on, opening encrypted data or using web services like PayPal. Usernames and passwords still play an important role, even if many experts advise against using passwords as the only authentication method. Even approaches to passwords have changed over time. Until recently, experts recommended choosing complex passwords using special characters, numbers and uppercase and lowercase letters. However, many professionals now consider that complex passwords are inconvenient for users, especially if they must be changed frequently. Phrases such as a quote from a book or a sentence which is relevant to the log-in context are more meaningful for users. Such phases can easily reach more than 20 characters and are nevertheless much easier to remember than complex, eight-letter combinations of letters and numbers.

Another plea for multi-factor authentication

A hacking and cyberespionage group is currently targeting industrial control systems at energy companies. According to a survey by Symantec they have broken into 27 corporate networks so far. The Dragonfly group, also known as Energetic Bear is using spear phishing campaigns and malware-infected websites to collect credentials for corporate networks. Dragonfly has been active since at least 2011 and was exposed by security analysts in 2014. Afterwards, the group seemed to go underground and has only recently emerged again in the public eye. Symantec researchers refer to the current attacks as “Dragonfly 2.0” because they replicate many aspects of the previous attacks. The attacks target industrial control systems (ICS) which belong to companies that operate pipelines, generate electricity, and other energy-related companies. The Dragongly group appears to be particularly active in Switzerland, Turkey and North America.

Top 5 security vulnerabilities are always the same

The research and analyst firm techconsult issued a summary of the five major security vulnerabilities in SMEs and public organizations in Germany at the start of 2017. Their annual study Security-Bilanz Deutschland reviews IT and information security based on a representative survey of more than 500 interviews in companies and non-profit organizations. The results are sadly not that surprising each year. Although the organizations surveyed are aware of the problems and have the resources to deal with them, unfortunately they either approach issues through the wrong channels, inconsistently or too late.

Open Haus: Multi-Factor Authentication [VIDEO]

NCP has been present at a number of industry events throughout the year, from it-sa in Nuremberg to SC Congress in New York to INTERFACE in Denver. While these gatherings offer great opportunities for reconnecting with our friends and partners, as well as reaching out to new clients, they also provide an invaluable time for taking the industry’s temperature, so to speak. And if there was one thing we found that was on nearly everyone’s minds this year, it was the growing need for two-factor (or multi-factor) authentication. As data breaches caused by spear-phishing and social engineering tactics have become both increasingly more frequent and more damaging, multi-factor authentication emerges as a common sense solution for reducing the success rate of these cyberattacks. Unfortunately, it’s not as simple as flicking a switch. Cybersecurity budgets may be increasing, but IT professionals are still struggling with the amount of resources they have, and are unsure about where to shift their priorities. How to implement multi-factor user authentication, or how to determine which VPN or defense-in-depth solution offers the best multi-layer fit for your organization, are all pain points for enterprises. How It Works That’s what gives NCP Secure Enterprise Management (SEM) such a leg up on the competition. Unlike other secure remote access VPN providers, NCP’s solution provides integrated multi-factor authentication safeguards to help give your organization greater peace of mind. Protecting login information with just a username and password isn’t safe anymore; it’s all too easy for hackers to guess around these, especially when so many users have simple passwords to begin with. Two-factor or multi-factor authentication setups, instead, require...

CIA Director’s Hacked Email Shows Need for Multi-Factor Authentication

There’s a certain irony to the way the U.S. government approaches encryption and data privacy for its citizens, while simultaneously falling victim to major data breaches itself through embarrassing security lapses. Up until recently, law enforcement agencies like the FBI had lobbied hard for companies like Apple and Google to be forced to program encryption “backdoors” into their services, like iMessage, so that they could listen in on the otherwise-blocked communications of suspected criminals or terrorists. Silicon Valley’s response (and what the White House eventually sided with) was that opening a “backdoor” for law enforcement is tantamount to ultimately opening a backdoor for anyone. The FBI and NSA counter-argued that they would be in control of the keys to those doors, and that user data would be safe with them. That was a hard argument for privacy advocates to accept then, and it’s even less likely to win over anyone now in light of a new data breach scandal. The Guardian recently reported that a pair of hackers managed to access the personal AOL email account of John Brennan, director of the CIA. Not only that, but the data that was compromised through the breach – which included the names, contact information, security clearances and Social Security numbers of around 20 CIA employees – was leaked and published to Twitter. While the contents of these emails were, in Fortune’s words, “mundane” and “peanuts as far as actual revelations and public interest is concerned,” the fact remains that a pair of reportedly teenage hackers managed to hack into the email account of the U.S. Director of Central Intelligence. The joke...