developments in authentication

In this week’s roundup we get a reminder of why the Christmas period can be so lucrative for the bad guys on the net who will take any major event as an excuse to try and part you from your cash, personal information or sanity.

We also highlight a cool map which gives a visual representation of the latest cyber attacks in real-time and take a look at a new biometric password which shows a lot of promise.

Lastly, there is the largely overlooked news that retailing giant Amazon has finally instigated two-factor authentication (a method of adding an additional layer of security to your online account) – a quite timely development as the festive season bears down upon us.

Norse Corp's interactive threat map

1. Holiday shoppers should not be fooled by gift card spam

Cloudmark Security’s Andrew Conway gave us a timely reminder last week: the festive season is approaching, and approaching fast.

And what does that mean, beyond presents, mistletoe and mince pies?

The answer of course is an increase in the amount of scams, spam and other ruses you are likely to see in your email inbox over the coming weeks.

Focusing on gift card spam, Conway warns of offers that look too good to be true because… they probably are too good to be true.

Anyone responding to a dodgy invitation to receive ‘free’ money should beware – it may just be a ruse designed to get you to part with your personal information (which itself has value), as well as get you signed up for unwanted telemarketing calls and promotional emails.

My advice: if you receive an offer of a free gift card, simply delete the email and move on with your day.

2. Real Time Map of Cyberattacks

Writing for, technology consultant Debra Shinder recently highlighted a very interesting tool that I’d first come across some time ago but then forgotten about – an interactive, real-time map from Norse Corp.

What’s so special about this map?

It shows worldwide cyber attacks as they are detected while keeping a tally of where those attacks are coming from, which countries are being targeted and the type of attacks noted.

How much use you can get from the information is debatable but it sure looks good.

3. The World’s First Biometric Password Lockdown App is here

The password is dead!

Long live biometrics!

Or so many security professionals would say.

The truth, however, is that biometrics are not as infallible a way of authenticating a person’s identity as they are cracked up to be.

Sure, using a fingerprint or an iris scan is better than having to remember a concoction of numbers, letters and special symbols, but both can be circumvented, by gummi bears and a knife respectively.

So how much better would it be to go back to something you have to be able to recall that isn’t either so simple that it can easily be worked around, or so complicated that you cannot remember it?

Enter BioTect-ID, a new solution from Biometric Signature ID.

As Robert Siciliano writes, BioTect-ID is a symbiosis of two authentication methods which results in a biometric password that uses your finger but not your fingerprints.

Instead, it allows you to draw a ‘password’ in your own inimitable style.

When it comes to unlocking a device, even you don’t have to replicate that password 100% correctly as the system will identify all that factors that went into concocting it in the first place – speed, direction of drawing, height, length and width.

So, even if a bad guy knows what pattern you drew, they will find it impossible to replicate.

It’s very early days for this new tech but it has some promise I think – check it out on Kickstarter.

4. How to enable two-factor authentication on accounts

And, while we’re on the topic of account security and authentication, here is the news that I hope many Amazon customers have been waiting for – the online retailer has joined the two-factor authentication (2FA) party.

Better late than never!

James Vincent of The Verge notes how the additional account security feature arrived with little to no fanfare before going on to explain how customers can implement it via their Account pages.

As he quite rightly mentions, 2FA is worth setting up on every account you have that supports it.

So what are you waiting for…