Okta offers free multi-factor authentication with new product, One App


Okta on Wednesday is introducing a new product called One App, aimed at smaller organizations -- or organizations that need security for early-stage projects -- that need a more affordable entry point into Okta. One App takes Okta's enterprise-level IT products and exposes the underlying service layer, Alex Salazar, VP of Okta's developer platform, explained to ZDNet. An organization can assemble those products any way it wants. Those products include multi-factor authentication, social authentication, centralized identity management and more. "We're doing our part to give these organizations the Lego blocks they need to assemble this stuff the right way, even if they're not experts in it," Salazar said.

More companies use multi-factor authentication, but security still weak from poor password habits


Organizations spend a lot of time, money, and energy protecting themselves from hackers and cybercriminals. Much of that effort goes toward securing their networks, data, and other assets. But all that security can go only so far if your employees aren't protecting their own logins, accounts, and information. Tools such as multi-factor authentication have gained traction, but the poor use and management of passwords remains a thorn in the side of security, says a report released Tuesday by LastPass. In an analysis of more than 47,000 organizations around the world that use LastPass for password management, LastPass found that 57% adopted multi-factor authentication (MFA), up 12 percentage points from last year's report.

Multi-factor authentication: Use it for all the people that access your network, all the time


The most common way cyber-criminal hackers break into enterprise networks is by stealing or guessing usernames and passwords. The attacks, whether the goal is stealing information, executing a ransomware attack or any other means of cybercrime, represent a major risk to organisations of all kinds – but there's one thing that information security teams can do to dramatically help protect the network and its users from cyber criminals. "You want to be using strong authentication for anyone that accesses your environment," Ann Johnson, corporate vice president of security, compliance & identity business development at Microsoft, told ZDNet Security Update. "We know that 99% of hacks have some type of password element, however that password was stolen. Using strong authentication will at least give you a first line of defence against that," she said, adding: "Use multi-factor authentication for 100% of the people that access your environment 100% of the time".

Strong authentication protects against phishing. So why aren't more people using it?


Almost every compromised Microsoft account lacks multi-factor authentication, but few organizations enable it even though it's available, according to Microsoft. In Microsoft's new Cyber Signals report, the company says that as of December 2021, just 22% of customers that use its cloud-based identity platform Azure Active Directory (AAD) have implemented "strong identity authentication", which includes multi-factor authentication (MFA) and passwordless solutions, such as the Microsoft Authenticator app. MFA is one of the best defenses against remote phishing attacks, as logging in to an Office 365 account with a compromised password requires that the attacker also has physical access to a second factor, like an account owner's smartphone. As Microsoft has previously highlighted, if you do have MFA enabled, you're almost guaranteed to be protected. Last year it revealed that 99% of compromised Microsoft accounts did not have MFA enabled.

This new Android malware bypasses multi-factor authentication to steal your passwords


A newly discovered form of Android malware steals passwords, bank details and cryptocurrency wallets from users – and it does so by bypassing multi-factor authentication protections. The malware has been detailed by cybersecurity researchers at F5 Labs, who've dubbed it MaliBot. In addition to remotely stealing passwords, bank details and cryptocurrency wallets, MaliBot can access text messages, steal web browser cookies and take screen captures from infected Android devices. It can also get around multi-factor authentication (MFA) – one of the key cybersecurity defences people can use to protect themselves against cyber criminals. Like many Android malware threats, MaliBot is distributed by sending phishing messages to users' phones via SMS text messages (smishing) or attracting victims to fraudulent websites. In both cases, victims are encouraged to click on a link, which downloads malware to their phone.