Enterprise Security

How can we fight online banking fraud?

Online banking fraud is down by nearly a third in the UK, according to banking industry group Financial Fraud Action (FFA) UK.  This is quite an astonishing figure, which the FFA attributed to a rise in anti-fraud software and chip-and-pin technology. It is great to see the UK demonstrating how to attack online banking fraud […]

Should we trust an internet browser?

Where does trust come from? In Ericka Chickowski’s article on the future of the internet’s authentication mechanisms, she raises the debate about trust being driven by our browsers instead of through our passwords. As I wrote recently on the death of the password, I thought it important to touch upon the user’s ability to make […]

Risk-appropriate authentication vs machine fingerprinting

A recent Wall Street Journal article on the insecurity of passwords confirmed what many of us have believed for some time – the days of password-only authentication are numbered. As well as highlighting the passwords that no one of sane mind should consider using (‘123456’ or ‘password’, anyone?) it also considers some of the various […]

Thoughts on Google’s Two-Factor Authentication – Part One

I read an interesting post by Chris Ripley on BlogCritics last week, looking at Google’s two-factor authentication. In case you missed its recent announcement, the search giant has made two-factor authentication available on its email accounts worldwide. This is a great step in the right direction and it’s fantastic to see people like Chris supporting the […]

Thoughts on Google’s Two-Factor Authentication – Part Two

In the first of these two posts on Google’s two-factor authentication I discussed Google’s authentication push and how this is a good step forward for spreading strong authentication. Here I explain how this can be extended to the workplace and our online bank accounts. If the goal of strong authentication is protecting critical information resources, […]