fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft, Apple, and Google to Support FIDO Passwordless Logins

Microsoft, Apple, and Google to Support FIDO Passwordless Logins

  • Home
  • News
  • Security
  • Microsoft, Apple, and Google to support FIDO passwordless logins
  • 16

Microsoft, Apple, and Google to support FIDO passwordless logins

By 

Sergiu Gatlan
  • May 5, 2022
  • 12:19 PM
  • 4
Lock

Today, Microsoft, Apple, and Google announced plans to support a common passwordless sign-in standard (known as passkeys) developed by the World Wide Web Consortium (W3C) and the FIDO Alliance.

Once implemented, these new Web Authentication (WebAuthn) credentials (aka FIDO credentials) will allow the three tech giants’ users to log in to their accounts without using a password.

Instead of using passwords, they will have the option to opt for verifying their identity using PINs or biometric authentication (fingerprint or face).

“To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access,” said Sampath Srinivas, Google PM Director for Secure Authentication.

Also Read: 5 Tips In Using Assessment Tools To A Successful Businesses

“Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off.”

The new capabilities should become available across leading platforms, devices, websites, and apps operated by Microsoft, Apple, and Google platforms over the coming year.

FIDO passkey sign in
FIDO passkey sign in (FIDO Alliance)

“These multi-device FIDO credentials, sometimes referred to as passkeys, represent a monumental step toward a world without passwords,” added Microsoft Identity Division Vice President Alex Simons.

When available, passkeys will remove the requirement of having to sign in to each app or website on every device, adding additional capabilities for more seamless passwordless sign-ins:

  1. Users can automatically access their passkeys on many of their devices without having to re-enroll for each account.
  2. With passkeys on your mobile device, you can sign in to an app or service on nearly any device, regardless of the platform or browser the device is running.

Moving away from using passwords to sign into accounts will make the web more secure since they’re the most common point of entry used by attackers to hijack online identities.

As Vasu Jakkal, Microsoft’s Corporate Vice President, Security, Compliance, Identity, and Management, revealed today, “there are 921 password attacks every second—nearly doubling in frequency over the past 12 months.”

Passwordless sign-in push

Of the three companies, Microsoft has been pushing for passwordless sign-ins across many of its platforms and services for several years now.

Also Read: Intrusion Into Privacy All About Law And Legal Definition

In December 2020, Microsoft reported that over 150 million users logged into their Azure Active Directory and Microsoft accounts without using passwords.

The company began rolling out passwordless login support for all Microsoft accounts in September, allowing its customers to log into their Microsoft accounts without using a password.

In October, the Microsoft Detection and Response Team (DART) said it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities.

One year before, Simons revealed that password spray attacks were among the most popular authentication attacks, as they were behind over a third of enterprise account compromises.

“I applaud the commitment of our private sector partners to open standards that add flexibility for the service providers and a better user experience for customers,” said CISA Director Jen Easterly.

“Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us