Bash Bug laughs in the face of traditional password protectionSecurEnvoy 17/10/2014 Archive
The ease with which hackers can steal sensitive login details from companies was recently highlighted by the Bash Bug vulnerability, which is also known as Shellshock. Companies that rely only on passwords to protect login procedures risk allowing malware to enter their networks. SecurEnvoy, the inventor of tokenless two-factor authentication, protects against such malware by using additional login security. The flexibility and cost effectiveness of the method will be demonstrated by the company, together with the Dutch distributor TechAccess, from 29 to 30 October at the Infosecurity.nl IT fair in Utrecht (stand A132).
Spam, Phishing, Hackers: These will be key topics at the Dutch Infosecurity.nl trade fair. International security experts will gather there to discuss, for example, IT threats such as Bash Bug, Heartbleed, etc. while also showcasing new security solutions designed to eliminate potential sources of risk. One such potential source is the traditional use of simply a password to protect network access – a godsend for hackers. To counter this risk, many companies have now turned to two-factor authentication using dedicated physical tokens such as smart cards. These provide users with further protection as a supplement to their username and password.
Using smartphones as malware destroyers
However, this method can be very inflexible for businesses in the long run, as staff must always carry these devices with them and they are also easily lost. SecurEnvoy wanted to minimise such overheads and therefore developed an authentication method that does not require costly dedicated tokens. The passcode used for network authentication is provided to users directly on their private smartphones, tablets or other mobile devices via SMS, e-mail, voice call or soft token app.
A new option that has recently been introduced by SecurEnvoy is the offline One Swipe function. This technology combines the PIN/password with a one-time QR code. No mobile phone reception or internet connection is required when logging into a network using One Swipe. The user first enters his/her PIN into the soft token user interface. The smartphone or tablet then generates a one-time QR code. If this code is then scanned using a webcam on a computer or mobile device, One Swipe provides all the information required to authenticate the user: the authentication method is just as simple as it is secure.
Visitors to Infosecurity.nl. can discuss issues with SecurEnvoy and its distributor TechAccess, and see One Swipe in action, at stand A132. In addition, posts by the security expert SecurEnvoy about current IT vulnerabilities, such as Bash Bug and Heartbleed, are regularly added to its blog.