Tag Archive for Cybersecurity

Passkeys: The Future of Online Security

I have been writing about the impact of bad passwords since 2010. One of the most appalling bad-password statistics comes from the Identity Theft Resource Center (ITRC), which has tracked over 1 billion data breach victims in the first half of 2024. Enough is enough: there is finally a workable answer to passwords, passkeys.

Passkeys were developed by the FIDO (Fast Identity Online) Alliance to log in to apps and websites without a username and password combination. Instead, a passkey is a pair of cryptographic keys generated by your device. The app or website stores your public key; your private key stays on your device (platform credential managers such as Apple's iCloud Keychain and Google Password Manager can sync it between your own devices, but it is never sent to the website). After your device authenticates you, it uses the private key to sign a challenge from the site, and the site checks that signature with the public key it holds.

According to FIDO research, 38% of consumers are not familiar with passkey technology. A significant share of users do not understand passkeys, let alone trust them to protect their data and identities.

How passkeys work: A step-by-step guide

Unlike traditional passwords, passkeys utilize public-key cryptography. That means every passkey has two parts: a public key and a private key. Together, they keep your accounts secure by allowing websites and apps to check that you are who you say you are. Here’s an overview of the passkey process:

  1. Creation: When you create a passkey, your device generates a pair of cryptographic keys – a public key and a private key.
  2. Storage: The app or website stores your public key, while your private key is only stored on your device. The site never sees the private key, only signatures made with it.
  3. Authentication: When you log in, the app or website sends a fresh random challenge to your device. After your device authenticates you (biometrics or device passcode), it uses the private key to sign this challenge, proving your identity without revealing the private key.
  4. Verification: The app or website verifies the signed challenge using the public key it stored. If the signature verifies, and the challenge and site origin match what it expects, you’re granted access.

The benefits of passkeys:

  • Strong by Default: You don’t have to create anything manually or worry about whether your private key is long or random enough; the device generates it.
  • No Need to Remember: You only need to authenticate with biometrics (or your device passcode) to sign in to your account.
  • Private Keys Are Never Shared: You don’t have to worry about how the website is storing your credentials, because it never receives the private key.
  • Public Keys Can’t Be Used to Figure Out Your Private Key: If a criminal breaches a website’s servers, the best they can hope to find is your public key. The public key cannot be used to sign in to your account. Nor can it be reverse engineered to reveal your private key.
  • Strong Defense Against Phishing: Criminals often create fake but seemingly authentic websites to trick you into sharing your login details. A passkey is bound to the site it was created for, so a fake site on a different domain is never offered it.
  • Protection Against Ransomware: Many ransomware attacks start with social-engineering emails. Once in, attackers install keystroke-logging software that watches people type their IDs and passwords. With a passkey there is nothing to type, so there is nothing for a keylogger to capture.
  • Improved User Experience: Signing in with a passkey is more convenient, faster, and smoother than using traditional passwords.

Why you should use a passkey instead of a password

Securing your online accounts is more important than ever in today’s digital age. Traditional passwords have been the go-to method for authentication for decades, but they come with several drawbacks. Here’s why you should consider using passkeys instead of passwords:

  • Enhanced Security: Passkeys use public-key cryptography, a pair of keys of which only the public half ever leaves your device. There is no shared secret for a server to leak or an attacker to guess.
  • Convenience and Ease of Use: Remembering multiple complex passwords is a hassle. A passkey is unlocked with the same biometric or device passcode you already use.
  • Protection Against Phishing: Phishing is a common method cybercriminals use to steal passwords. A passkey only works on the site it was registered with, so a lookalike site cannot use it.
  • Reduced Risk of Data Breaches: Data breaches often expose millions of passwords. A breached site that uses passkeys exposes only public keys, which cannot be used to sign in.
  • Seamless Cross-Platform Experience: Passkeys are designed to work across devices and platforms, synced through your platform’s credential manager or used from a nearby phone.
  • Future-Proof Technology: As technology evolves, so do the methods used by cybercriminals. A passkey removes the password that most of those methods target.

Some consumers still don’t trust this form of security because they assume that anyone stealing their phone could log into their accounts. This isn’t true, as the criminal would still need your face, fingers, or eyes to unlock the passkey. The one caveat: biometrics fall back to the device passcode, so a thief who has watched you type that passcode can unlock the phone and its passkeys. Keep the passcode private and treat it as seriously as the device itself.

rb-

Even if you don’t fully trust passkeys, you should distrust your passwords more. It’s likely that your credentials have already been stolen and are on the dark web.

There is wide consensus in the tech community that passwords are an unsustainable security framework. Even password managers that let you use one strong master password could be at risk. Some of them have been breached, and once a vault has been taken there is a real risk that the passwords inside it are no longer secret.

A reasonable answer

A passwordless system is the only reasonable answer.

There is not a single passkey to solve all problems. You will have different passkeys for different systems and platforms.

However, this doesn’t really matter. The signup for passkeys is easy and consistent on all platforms in that there will never be a password attached to it. It will use the same biometrics you use for your other platforms, services, and their respective passkeys. In other words, it can feel like it’s one passkey for all online systems.

While passwords have served us well for decades, it’s time to embrace a more secure and convenient alternative. Passkeys offer enhanced security, ease of use, and protection against phishing and data breaches. By making the switch, you can enjoy a safer and more seamless online experience. The industry is still doing a poor job of explaining why you should embrace passkeys, but you should, because passkeys will ultimately protect your data and digital identity.

Are you ready to make the switch to passkeys? Let us know your thoughts!


Ralph Bach has been in IT for a while and has blogged from the Bach Seat about IT, careers, and anything else that has caught his attention since 2005. You can follow him on Facebook or Mastodon. Email the Bach Seat here.

McAfee Can’t Stay Out of the News

Less than 6 months after John McAfee was found dead in his Spanish jail cell, the anti-malware company that still bears his name is back in the news. The anti-malware and internet security firm announced Monday (11/08/2021) that it had reached an agreement to be bought by a global investor group in a deal worth more than $14 billion.

McAfee will move forward as a privately held company. The new firm will be a pure consumer cybersecurity play. McAfee has 20 million subscribers for its security services globally.

McAfee investors

The global investor group is made up of Advent International Corp., Permira Advisors, Crosspoint Capital Partners, Canada Pension Plan Investment Board, GIC Private Limited and a wholly owned subsidiary of the Abu Dhabi Investment Authority.

McAfee sold its Enterprise business in July 2021 for $4.50 a share to Symphony Technology Group. The sale totaled $4 billion.

The move takes the publicly-traded company private again after the initial public offering of McAfee by Intel and TPG last year.

rb-

Confused? I don’t blame you. The firm has a history of changing its name and its owners.

  • 1987 to 1997 – The company was founded as, and known as, McAfee Associates, Inc.
  • 1997 to 2004 – Network Associates Inc.
  • 2004 to 2014 – Renamed back to McAfee, Inc.
  • 2014 to 2017 – The company was part of the Intel Security Group.
  • 2017 to 2020 – The firm was spun out of Intel and renamed McAfee.
  • 2020 – McAfee goes public again with a $740 million IPO on Nasdaq under ticker symbol MCFE. This marked its return to the public market after 9 years.
  • 2021 – McAfee sold its Enterprise business to Symphony Technology Group for $4 billion.
  • 2021 – McAfee sold its consumer business to an investor group in a deal worth more than $14 billion.

 

Stay safe out there!


Record Breaking Proofpoint Buyout

Thoma Bravo agreed to a record-breaking Proofpoint buyout. The Chicago-based private equity firm plans to buy out publicly traded cybersecurity company Proofpoint (PFPT). The all-cash deal values Proofpoint at $12.3 billion. Thoma Bravo has agreed to pay $176.00 per share, a 34% premium over the share price on 04/23/2021.

Proofpoint buyout

Proofpoint Chief Executive Gary Steele told MarketWatch

…in 2020 we generated more than $1 billion in annual revenue – making Proofpoint the first SaaS-based cybersecurity and compliance company to reach that milestone

The board of directors of Proofpoint has approved the buyout agreement, including a “go-shop” period that expires on June 9th. This gives the company 45 days to solicit and consider proposals from other parties.

About Proofpoint

Former Netscape CTO Eric Hahn, founded Proofpoint in June 2002. He helped launch the company in 2003 having raised $7m in a Series A funding round. Proofpoint was initially backed by venture capitalists Benchmark Capital and by Stanford University. In 2012, the company went public with an IPO which raised more than $80m.

About Thoma Bravo

Chicago’s Thoma Bravo specializes in technology deals. The PE firm previously invested in SolarWinds, the software company at the center of a huge cyberespionage campaign. Thoma Bravo has also bought controlling stakes in cybersecurity companies in the past, including:

  • Barracuda in a 2017 deal worth $1.6 billion;
  • Imperva for $2.1 billion in October 2018; 
  • Sophos in 2020 for $3.9 billion.

rb-

This is a big deal. The $12.3 billion price tag makes it the biggest cybersecurity acquisition of all time. More than the $7.68 billion Intel shelled out for McAfee 11 years ago. And VentureBeat estimates that the Proofpoint acquisition represents one of the biggest overall technology acquisitions ever, putting it in the top 20, alongside megadeals that include Dell’s $67 billion EMC purchase, IBM’s $34 billion Red Hat deal, and Salesforce’s pending $27.7 billion Slack acquisition.

Stay safe out there!


TLA Does Good?

ZDNet reports that in the last batch of Snowden documents there may finally be some evidence that some TLAs (three-letter agencies) were doing some good: they spied on criminals too. Apparently one Snowden document boasts of how “criminals” can be found through a TLA program.

Using this program, TLAs can identify cyber attackers. ZDNet says that malicious users causing a distributed denial-of-service (DDoS) attack, where a group of people overloads a server or network with a flood of network traffic, can be traced and identified. The TLA also used its program to troll online criminal forums.

rb-

Unfortunately, for law-abiding U.S. citizens, none of the Snowden documents to date have shown that the info collected on criminals was used to stop cyber attacks or was passed on to law enforcement to take action.


School Kids’ Data at Risk

Gerry Smith writes about the growing amount of school kids’ data being stolen across the country. In the Huffington Post article “In Push For Data, Schools Expose Students To Identity Theft,” the author explains why: data thieves want this information to commit identity theft. The author cites several recent cases.

The article says these incidents highlight the growing risk of school kids’ vulnerability to identity theft. Across the country, schools have become conduits for children’s pristine Social Security numbers. The students’ numbers are increasingly falling into the hands of credit-hungry identity thieves. The frequent data breaches have prompted calls for schools to stop collecting sensitive student data. The breaches have angered parents like Art Staehling, whose 14-year-old daughter was among 18,000 Nashville students who had their Social Security numbers accidentally exposed online for three months in 2009.

They left the gate wide open for data theft

“They left the gate wide open,” Mr. Staehling told The Huffington Post. “It’s clumsiness. There’s no excuse for it. If schools want that information, there should be some sort of penalty paid if they don’t guard it with their lives. I haven’t found a reason why they honestly need it.”

Schools collect students’ Social Security numbers as part of a campaign to track their progress more precisely. But privacy experts told Huff Post there are less risky ways to identify students. The privacy experts accuse schools of needlessly exposing children to identity theft by gathering their Social Security numbers and then not securing them.

The push for collecting student data began under the federal No Child Left Behind Act. Financial incentives in the 2009 stimulus package, including Race to the Top‘s $250 million in competitive grants drove schools to collect student social security numbers, according to Reidenberg.

The U.S. Department of Education has warned schools not to use students’ Social Security numbers in their databases. The Huff Post says the Feds urge schools to create other unique identifiers. The National Center for Education Statistics warned schools last fall, telling educators that Social Security numbers are “the single most misused piece of information by criminals perpetrating identity thefts.”

School abuses student’s Social Security numbers

Despite the warnings, the collection and use of students’ Social Security numbers in K-12 schools remain “widespread,” according to an audit last year by Patrick O’Carroll, the Social Security Administration‘s inspector general. The IG found students’ Social Security numbers printed on transcripts, tests, and athletic education forms. According to the article, the audit concluded that schools were using the numbers “as a matter of convenience.” Mr. O’Carroll found there have been at least 40 data breaches of confidential student information at K-12 schools since 2005.

In his report, O’Carroll wrote: “We believe the unnecessary collection and use of Social Security numbers is a significant vulnerability for this young population. Each time a student provides his or her Social Security number, the potential for a dishonest individual to unlawfully gain access to, and misuse, the number increases.”

Read Part 2 here.

rb-

Consumers Union points out that Michigan law restricts how Social Security numbers can be used. In Michigan, SSNs cannot be printed on ID cards, intentionally communicated to the public, publicly displayed, or mailed within an envelope.

Related articles
  • Young children can be identity-theft targets (goerie.com)
