Authentication

Overview
Authentication is the process of verifying the identity of an individual, originator or receiver of information. Authentication requires at least an identity (such as a user login ID) and one more mechanism to prove that identity (such as passwords and/or tokens).

Guidelines

Authentication requires a key piece of information that only the user knows, such as:

  • Something you have (such as a token that generates one-time, random PINs or passwords)
  • Something you are (such as biometric devices like a fingerprint device)
  • Something you know (such as passwords)
  • Somewhere you are (location)

Using two or more of these categories of authentication is known as "two-factor" (or strong) authentication. This method is recommended to improve security for remote access users (or teleworkers) as well as for access to highly sensitive, critical systems.


Topic Category
Access Control
Asset Management
 
News Articles
Google: Security Keys Neutralized Employee Phishing | krebsonsecurity.com | 7/23/2018
Google Chrome: HTTPS by default D-Day is tomorrow, folks | www.theregister.co.uk | 7/23/2018
Password reset flaw at internet giant Frontier allowed account takeovers | www.zdnet.com | 6/9/2018
Facebook now supports 2FA via authenticator apps | www.helpnetsecurity.com | 5/29/2018
Reddit rolls out 2FA to all its users | www.tripwire.com | 1/25/2018
Lifestyle pin-up site Pinterest: Hack attempts blamed on 'credential stuffing' | www.theregister.co.uk | 12/11/2017
Stupid, stupid MacOS security flaw grants admin access to anyone | www.zdnet.com | 11/28/2017
Deloitte: ‘Very Few Clients’ Impacted by Cyber Attack | threatpost.com | 9/25/2017
Sony social media accounts hijacked as hackers claim to have stolen PSN database | hotforsecurity.bitdefender.com | 8/21/2017
Windows, Linux distros, macOS pay for Kerberos 21-year-old 'cryptographic sin' | www.zdnet.com | 7/14/2017
UK Parliament hack: Really, a brute-force attack? Really? | www.theregister.co.uk | 6/26/2017
40,000 Subdomains Tied to RIG Exploit Kit Shut Down | threatpost.com | 6/5/2017
Shift in password strategy from NIST | www.scmagazine.com | 5/22/2017
LastPass now supports 2FA auth, completely undermines 2FA auth | www.theregister.co.uk | 5/19/2017
Microsoft finally bans SHA-1 certificates in Internet Explorer and Edge | www.networkworld.com | 5/10/2017
Bank gets lesson in the security failings of third parties | www.computerworld.com | 4/11/2017
‘Anonymous’ FTP Servers Leaving Healthcare Data Exposed | threatpost.com | 3/29/2017
D-Link DIR-130 and DIR-330 routers vulnerable | www.scmagazine.com | 3/16/2017
Google’s CAPTCHA Service Now Goes Invisible for Human Users | www.tripwire.com | 3/9/2017
Stuffed toys database left personal data exposed, says security expert | www.zdnet.com | 2/28/2017
Samsung mulls iris scanners on smartphones to log into Windows PCs | www.computerworld.com | 2/26/2017
Thousands of Hadoop clusters still not being secured against attacks | www.scmagazine.com | 2/10/2017
Recent WordPress vulnerability used to deface 1.5 million pages | www.networkworld.com | 2/10/2017
Facebook Creates Authentication Feature for GitHub Account Recovery | www.tripwire.com | 1/31/2017
Facebook gets physical for safer logins | www.helpnetsecurity.com | 1/27/2017
Researchers propose a way to use your heartbeat as a password | www.computerworld.com | 1/20/2017
YubiKey for Windows Hello brings hardware-based 2FA to Windows 10 | www.zdnet.com | 12/23/2016
Critical flaw opens Netgear routers to hijacking | www.helpnetsecurity.com | 12/12/2016
Hacker can backdoor your computer and router in 30 seconds with $5 PoisonTap device | www.computerworld.com | 11/16/2016
OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking | threatpost.com | 11/10/2016
Here’s to more HTTPS on the web! | security.googleblog.com | 11/3/2016
Sony enables two-factor authentication for PlayStation | www.scmagazine.com | 8/26/2016
Social Security Administration Now Requires Two-Factor Authentication | krebsonsecurity.com | 8/1/2016
IRS kills electronic filing PIN feature due to repeated attacks | www.networkworld.com | 6/27/2016
Google wants to kill off passwords for logging into your Android smartphone | www.zdnet.com | 5/24/2016
Microsoft to begin SHA-1 crypto shutoff with Windows 10's summer upgrade | www.computerworld.com | 5/2/2016
Twitter password recovery bug exposes 10,000 users' personal information | www.computerworld.com | 2/18/2016
Attackers Leverage Duplicate Logins to Compromise 21M Alibaba Accounts | www.tripwire.com | 2/5/2016
Major banks to roll out ATMs that use smartphones for authentication | www.scmagazine.com | 2/2/2016
Google Chrome gets ready to mark all HTTP sites as 'bad' | www.zdnet.com | 1/28/2016
Google tries again to kill the password, tests new auth idea via your phone | www.computerworld.com | 12/23/2015
Potent OWA backdoor scores 11,000 corporate creds from single biz | www.theregister.co.uk | 10/6/2015
Valve patches huge password reset hole that allowed anyone to hijack Steam accounts | www.computerworld.com | 7/27/2015
Snapchat steps up its security with login verification | nakedsecurity.sophos.com | 6/11/2015
Windows 10 will work with FIDO specs for password-free access, says Microsoft | nakedsecurity.sophos.com | 2/18/2015
Apple's "two-step" security now protects iMessage and FaceTime, too | nakedsecurity.sophos.com | 2/13/2015
Military Signs Deal For 'Next Gen Passwords' | uk.finance.yahoo.com | 1/28/2015
Taylor Swift's Twitter and Instagram accounts hacked | nakedsecurity.sophos.com | 1/28/2015
Security group plans for a future without passwords | www.computerworld.com | 12/9/2014
Intel looks to tame passwords with biometrics | www.computerworld.com | 11/24/2014
Verizon launches credential cloud service | www.zdnet.com | 6/23/2014
Google Adding Security Checks to Non-OAuth 2.0 Compliant Apps | threatpost.com | 4/24/2014
5 biometric alternatives to the password | www.cnn.com | 4/4/2014
Researcher lights fire under Tesla security | www.theregister.co.uk | 4/1/2014
Tumblr beefs up security with two-factor authentication | nakedsecurity.sophos.com | 3/26/2014
Samsung's Galaxy S5 Takes Steps Forward, Though Tiny Ones | abcnews.go.com | 2/24/2014
PayPal 'n' Google's FIDO drops 'simpler, stronger' secure login spec | www.theregister.co.uk | 2/12/2014
Multifactor authentication extended to all Office 365 users | news.cnet.com | 2/10/2014
Snapchat bug lets hackers aim DENIAL of SERVICE attacks at YOUR MOBE | www.theregister.co.uk | 2/10/2014
Engineer bypasses Snapchat's CAPTCHAs with fewer than 100 lines of code | www.scmagazine.com | 1/23/2014
SEA hijacks Microsoft Twitter accounts, Xbox support blog and Technet | nakedsecurity.sophos.com | 1/14/2014
CES 2014: A Technological Assault on the Password | www.technologyreview.com | 1/8/2014
OpenSSL Hackers Used Weak Password at Web Host to Deface Site | threatpost.com | 1/3/2014
Skype's Twitter account, blog hacked to spread anti-Microsoft messages | www.theregister.co.uk | 1/2/2014
Microsoft joins tech giants and FIDO in the fight for simpler, safer authentication | nakedsecurity.sophos.com | 12/16/2013
Biometric smartphones to become mainstream in 2014, Ericsson says | www.zdnet.com | 12/11/2013
Google eyes password-free authentication in Chrome OS | news.cnet.com | 12/10/2013
Microsoft Adds New Security Features to Accounts | threatpost.com | 12/10/2013
Buffer launches two-factor authentication after breach | www.zdnet.com | 11/26/2013
Apple's iCloud cracked: Lack of two-factor authentication allows remote data download | www.zdnet.com | 10/21/2013
Back door found in D-Link routers | www.theregister.co.uk | 10/13/2013
Apple's advanced fingerprint technology is hacked; should you worry? | www.zdnet.com | 9/23/2013
Google security exec: 'Passwords are dead' | news.cnet.com | 9/10/2013
If the New iPhone Has Fingerprint Authentication, Can It Be Hacked? | www.wired.com | 9/9/2013
BlackBerry joins online authentication standards alliance | www.zdnet.com | 9/5/2013
Google yanks its token-eating iOS authentication app from App Store | www.zdnet.com | 9/4/2013
Web Services Finding Religion with Two-Factor Authentication | threatpost.com | 6/3/2013
Two-step authentication becoming new normal as LinkedIn adds option | www.zdnet.com | 5/31/2013
Motorola shows off tattoo and swallowable password hardware | www.theregister.co.uk | 5/31/2013
Amazon unveils single sign-on service for Web sites and apps | news.cnet.com | 5/29/2013
Two-factor authentication: What you need to know (FAQ) | news.cnet.com | 5/23/2013
Twitter locks down logins by adding two-factor authentication | www.theregister.co.uk | 5/22/2013
Syrian hacktivists hijack Telegraph's Facebook, Twitter accounts | www.theregister.co.uk | 5/21/2013
Breaking news, LITERALLY: Financial Times vandalized by hackers | www.theregister.co.uk | 5/17/2013
Intel's McAfee brings biometric authentication to cloud storage | www.computerworld.com | 5/14/2013
Bank security weaknesses led to cyber looting of $45M from ATMs | www.computerworld.com | 5/10/2013
Google releases new 5 year Roadmap for Strong Authentication | goo.gl | 5/9/2013
Twitter 'rolling out two-factor authentication soon' | www.zdnet.com | 4/24/2013
Hackers favor authentication-based attacks, report shows | www.zdnet.com | 4/24/2013
Google joins FIDO's crusade to replace passwords | news.cnet.com | 4/23/2013
Microsoft Account Gets More Secure | blogs.technet.com | 4/17/2013
Microsoft to add dual-factor sign-on security 'soon': report | news.cnet.com | 4/9/2013
Skype, Dropbox Patch Critical Facebook Authentication Bugs | threatpost.com | 4/4/2013
Missouri Court Rules Against $440,000 Cyberheist Victim | krebsonsecurity.com | 3/26/2013
Apple pulls iForgot password recovery system over security bug | www.theregister.co.uk | 3/23/2013
Apple adds two-factor authentication to Apple ID | www.zdnet.com | 3/22/2013
Doctors 'used fake fingers' to clock in for colleagues at ER | news.cnet.com | 3/13/2013
Is two-factor the savior for secure logins? | www.zdnet.com | 3/11/2013
SaaS integration challenges pose security risks | www.zdnet.com | 3/7/2013
NTUC Income adopts S'pore 2FA | www.zdnet.com | 3/6/2013
Following hack, Evernote speeds move to two-factor authentication | www.computerworld.com | 3/5/2013
Google squishes login-bypass bug that opened door to hijackers | www.theregister.co.uk | 2/27/2013
Google Says Gmail Security Measures Have Reduced Account Hijacks By 99 Percent | threatpost.com | 2/19/2013
Flaws in Emergency Alert System Hardware Allow Remote Login, Zombie Alert Insertion | threatpost.com | 2/14/2013
Lenovo, PayPal, launch post-password plan | www.theregister.co.uk | 2/13/2013
Google sees one password ring to rule them all | www.computerworld.com | 1/18/2013
Passwords hanging around like an ugly old dorm couch | www.zdnet.com | 1/10/2013
Dropbox Now Offers Two-Step Authentication | krebsonsecurity.com | 8/27/2012
DHS investigating Siemens 'flaw' in power plant security | www.zdnet.com | 8/22/2012
Amazon addresses security exploit after journalist hack | news.cnet.com | 8/7/2012
How Apple let a hacker remotely wipe an iPhone, iPad, MacBook | www.zdnet.com | 8/5/2012
Federal appeals court raps bank over shoddy online security | www.computerworld.com | 7/5/2012
Vulnerability allows brute force hacking of wireless routers | www.scmagazine.com | 12/28/2011
Title Firm Sues Bank Over $207k Cyberheist | krebsonsecurity.com | 11/14/2011
(At least) 4 web authentication authorities breached since June | www.theregister.co.uk | 10/27/2011
RSA Blames Breach on Two Hacker Clans Working for Unnamed Government | www.wired.com | 10/11/2011
Who Else Was Hit by the RSA Attackers? | krebsonsecurity.com | 10/1/2011
Policies
Authentication Management Policy
User System Session Policy
Standards
FIPS 201-2 Standard for Personal Identity Verification of Federal Employees and Contractors | FIPS | 9/5/2013
NIST SP 800-63-3 Electronic Authentication Guideline | NIST | 6/22/2017