authentication

Only 28% of financial workforce MFA is phishing-resistant

Only 28% of financial workforce MFA is phishing-resistant 2026-07-10 at 08:41 By Anamarija Pogorelec Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, according to a new Secret Double Octopus report. Key challenges preventing universal implementation of phishing-resistant MFA (Source: Secret Double Octopus) Workforce […]

Only 28% of financial workforce MFA is phishing-resistant Read More »

AWS gives its ERP agent deny-by-default rules and a separate identity

AWS gives its ERP agent deny-by-default rules and a separate identity 2026-07-10 at 08:00 By Sinisa Markovic Accounts receivable teams at large companies spend hours each day matching incoming bank payments to invoices by hand. When those payments sit unmatched for days, cash flow suffers and days sales outstanding climbs. The same pattern repeats across

AWS gives its ERP agent deny-by-default rules and a separate identity Read More »

Non-interactive SSH attacks dominate after login

Non-interactive SSH attacks dominate after login 2026-07-03 at 08:30 By Sinisa Markovic Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. A steady stream of automated scanners tries to log in, hour after hour, from addresses all over the world. The common picture of what comes

Non-interactive SSH attacks dominate after login Read More »

Securing digital keys when your phone unlocks the car

Securing digital keys when your phone unlocks the car 2026-06-18 at 09:00 By Mirko Zorz In this interview with Help Net Security, Alysia Johnson, President of the Car Connectivity Consortium (CCC), explains how the CCC Digital Key has grown from a single-brand feature into a standard meant to work across phones, automakers, and suppliers. She

Securing digital keys when your phone unlocks the car Read More »

China-linked spies backdoored authentication stack to stay hidden for years

China-linked spies backdoored authentication stack to stay hidden for years 2026-06-15 at 18:27 By Zeljka Zorz A China-linked cyber espionage group known as Velvet Ant spent nearly a decade inside the internal network of an unnamed organization without being detected, according to the results of a forensic investigation published by cybersecurity firm Sygnia. The group’s

China-linked spies backdoored authentication stack to stay hidden for years Read More »

Apple Intelligence can now replace weak passwords without user intervention

Apple Intelligence can now replace weak passwords without user intervention 2026-06-09 at 15:21 By Anamarija Pogorelec Apple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in Passwords. Automatically Fix Passwords (Source: Apple) Introduced as a standalone app in 2024, Passwords gives users a central place

Apple Intelligence can now replace weak passwords without user intervention Read More »

Let’s Encrypt works toward post-quantum certificates at web scale

Let’s Encrypt works toward post-quantum certificates at web scale 2026-06-05 at 15:49 By Anamarija Pogorelec Let’s Encrypt plans to pursue a post-quantum-safe Web PKI through Merkle Tree Certificates (MTCs), a new approach that adds post-quantum authentication to the web without sacrificing the speed and reliability that have made TLS universal. The project is targeting late

Let’s Encrypt works toward post-quantum certificates at web scale Read More »

Thieves can pull off keyless car theft in under a minute and here’s how to stop them

Thieves can pull off keyless car theft in under a minute and here’s how to stop them 2026-06-05 at 09:24 By Mirko Zorz A keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough.

Thieves can pull off keyless car theft in under a minute and here’s how to stop them Read More »

Microsoft Entra pushes passkeys, tightens identity security

Microsoft Entra pushes passkeys, tightens identity security 2026-06-02 at 15:47 By Anamarija Pogorelec Microsoft has released multiple identity and network access capabilities for Entra, its family of identity and network access products that help organizations implement a zero trust security strategy, over the last 30 days. Features reaching general availability Identity and authentication updates Phishing-resistant

Microsoft Entra pushes passkeys, tightens identity security Read More »

The new economics of fraud: Cheaper, faster, more convincing

The new economics of fraud: Cheaper, faster, more convincing 2026-05-22 at 08:29 By Anamarija Pogorelec Scams have become one of the fastest-growing consumer risks, driven by AI-enabled impersonation, social engineering, and sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats Report. Criminals redirect efforts toward trust and third parties Fraud involves behavioral manipulation, fragmented

The new economics of fraud: Cheaper, faster, more convincing Read More »

7 hard truths security pros should know: 2026 DevOps Threats Report

7 hard truths security pros should know: 2026 DevOps Threats Report 2026-05-20 at 09:34 By Help Net Security In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect. If you want to effectively counter attacks targeted at your

7 hard truths security pros should know: 2026 DevOps Threats Report Read More »

What happens when your identity provider becomes the kill chain

What happens when your identity provider becomes the kill chain 2026-05-20 at 09:34 By Help Net Security In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in

What happens when your identity provider becomes the kill chain Read More »

Earbud sensors can authenticate users by their heartbeat, study finds

Earbud sensors can authenticate users by their heartbeat, study finds 2026-05-19 at 09:17 By Mirko Zorz Researchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal. The signal comes from an accelerometer of the kind already sitting inside many wireless earbuds, so

Earbud sensors can authenticate users by their heartbeat, study finds Read More »

ChatGPT advanced account security adds passkeys and hardware keys

ChatGPT advanced account security adds passkeys and hardware keys 2026-05-04 at 02:31 By Anamarija Pogorelec Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. ChatGPT now joins that list. OpenAI has introduced Advanced Account Security, an opt-in setting that strips password-based sign-in from ChatGPT and

ChatGPT advanced account security adds passkeys and hardware keys Read More »

FIDO Alliance wants to keep AI agents from going rogue on online payments

FIDO Alliance wants to keep AI agents from going rogue on online payments 2026-04-29 at 05:30 By Sinisa Markovic AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are carried out on a user’s behalf.

FIDO Alliance wants to keep AI agents from going rogue on online payments Read More »

Your IAM was built for humans, AI agents don’t care

Your IAM was built for humans, AI agents don’t care 2026-04-27 at 11:18 By Help Net Security Identity and access management was built for a simpler world. One where the hardest problem was a human logging in, and where “Who are you?” was sufficient to decide what someone could do. That model served enterprises well

Your IAM was built for humans, AI agents don’t care Read More »

Users advised to drop passwords and make room for passkeys

Users advised to drop passwords and make room for passkeys 2026-04-24 at 23:26 By Sinisa Markovic In a decisive move that could reshape how users log in online, the National Cyber Security Centre (NCSC) is urging consumers to abandon passwords in favour of passkeys, positioning them as the future of authentication. “Passkeys should become consumers’

Users advised to drop passwords and make room for passkeys Read More »

Google brings instant email verification to Android, no OTP needed

Google brings instant email verification to Android, no OTP needed 2026-04-23 at 15:10 By Anamarija Pogorelec Google has introduced cryptographically verified email credentials for Android through the Credential Manager API. This API aligns with the W3C Digital Credential API standard. It provides a unified way for apps to request and retrieve user credentials for authentication

Google brings instant email verification to Android, no OTP needed Read More »

Scroll to Top