one-time passwords

Taking the human factor out of phishing prevention

Phishing attacks are on the rise: the Anti-Phishing Work Group's April 2011 Global Phishing Survey (pdf) reports 67,677 phishing attempts in the second half of 2010, up from 48,244 in the first half of 2010, but down significantly from the 126,697 attacks recorded in the year-earlier period due to the Avalanche botnet.

Phishing attempts lasted an average of 73 hours in the last six months of 2010, up from 58 hours on average in the first half of the year, and from just under 32 hours in the second half of 2009.

When it comes to … Read more

Use your mobile phone for secure Web sign-ins

In the battle to protect our data, passwords are the first line of defense. Unfortunately, passwords are a pain to manage.

We're told not to use the same passwords over and over, and we're discouraged from using ones that are easy to guess, but the complicated passwords Web sites and IT managers prefer--and often require--are difficult to remember. Many people continue to use passwords that are too simple: Help Net Security's analysis of 32 million breached passwords found that nearly half were trivially easy to guess.

VeriSign expands its two-factor token network

On Wednesday, VeriSign invited companies to join their VeriSign Identity Protection (VIP) Network by announcing the VIP Quick Start. As encouragement, vendors who sign up between now and September 30 will receive 5,000 free tokens to distribute to their customers. The customers can then use the tokens on any of the participating VIP sites.

VIP is part of a two-factor authentication process created by VeriSign. Customers are given tokens or cards that display a digital password that's time-synced with a server on the corporate bank end. When one goes to access the site, you simply enter the digital … Read more