Tag Archive for: Implement

Ways to Implement Multifactor Authentication Without a Mobile Device


Passwords are hard to remember and even harder to change periodically, and it’s increasingly difficult to devise strong credentials. Instead of confronting the challenge, many users rely on weak passwords and reuse them for multiple accounts. This makes it easy for cybercriminals to guess credentials or obtain them via phishing attacks.

Once gathered, credentials can be sold on the dark web. Then, both the original criminal and hordes of other attackers can gain access to personal and work-related systems and data.

Two-factor authentication (2FA) and multifactor authentication (MFA) are accepted ways to make credentials much less vulnerable. 2FA relies on a combination of something you know (e.g., username/password) and something you have (e.g., your mobile phone or computer, a keycard or a USB) or something you are (e.g., a scan of your iris or fingerprint) to ensure that only authorized individuals can access sensitive systems and information.

MFA can involve all three factors. With MFA, even if the username/password combination is stolen, accessing an account is extremely difficult because criminals won’t be able to complete the additional authentication steps.


When MFA and Mobile Devices Don’t Mix

Common methods of implementing MFA often rely on the use of mobile devices. When an SMS message, a one-time password or a push notification is sent, it is commonly delivered to a user’s smartphone. That said, there are some risks associated with sending SMS, one-time password or push notifications for MFA. When implemented improperly or as the sole security method, messages could be hacked and codes intercepted. In fact, the U.S. government has recommended that no MFA solution should rely solely on SMS verification tools.

Ensuring Protection Outside of Mobile-Based MFA

To fill these gaps and ensure 100 percent MFA coverage, agencies may consider hardware security keys. The key is typically a physical device, often a USB drive, that grants access to accounts only while it is plugged into a computer. It provides a high level of protection against phishing and hacking because no…


UK unis implement new IP traffic policies to combat ransomware


Jisc, the non-profit that supports the UK higher education and research community with shared digital infrastructure and services such as the Janet network, has announced that it will start blocking traffic originating from outside the UK from accessing the Remote Desktop Protocol (RDP) remote-access feature from 28 March 2023, to better protect its users from ransomware attacks.

The move follows a 2021 consultation with its users, and reflects the fact that 50% of major ransomware incidents experienced by UK higher education institutions in the past two years began when attackers exploited the RDP feature.

Going forward, said Jisc, inbound traffic to port 3389 – the default port used for RDP – that originates from outside the UK will be blocked, and only inbound traffic from UK IP addresses will be allowed to proceed. Currently, this blocking is available via Jisc as an opt-in measure, but it will now be applied by default.

“The use of ransomware against our sector, and globally, has ramped up over the past couple of years, and some attacks against colleges and universities have been devastating,” said John Chapman, director of information security policy and governance at Jisc.

“Organisations can still opt out of restrictions to specific IP addresses if they wish to, but they must accept the greater risk of a serious cyber security incident. Controlling access to a known attack vector will help protect the sector as a whole against this type of attack.”

Originally developed by Microsoft, RDP is a supposedly-secure network communications protocol that is intended to help IT admins diagnose problems remotely, and let users access their physical work desktops from other devices.

This is done by deploying RDP client software to connect to the system or server running RDP server software, and open a socket on the desired system to accept authenticated inbound traffic through port 3389. The user can then access all their applications and files just as if they were physically present in the workplace.

Legitimate use of RDP soared in 2020 during the Covid-19 pandemic, as millions of people were forced to work from home by lockdown restrictions, a policy that for many…


VRChat to Implement Easy Anti-Cheat, Barring the Use of Modded Clients


A move that has drawn significant criticism from the community.

VRChat will receive what is possibly one of its most controversial patches in the next few days. According to a new blog post released by the game’s developer, VRChat will now implement the Easy Anti-Cheat program to permanently bar the use of modded clients. Developer VRChat, Inc. has stated that the decision to implement EAC comes from wanting to protect users, as “modified clients” have become a huge problem for VRChat in many ways.

With the EAC implementation, modified clients of VRChat will be blocked. Here’s a snippet of what EAC will combat once it’s fully integrated into VRChat:

Malicious client modifications are responsible for a massive amount of issues for both our team and our users. We’ve been listening to you cry out for a solution to being harassed, griefed, and constantly crashed, so we’re taking further steps to address one of the roots of the problem. Every month, thousands of users have their accounts stolen, often due to running a modified client that is silently logging their keystrokes as well as other information. These users – often without even realizing it! – run the risk of losing their account, or having their computers become part of a larger botnet.

While the developer wants to protect its users from various hackers, the decision to implement EAC has not gone over well within the community. At the time of writing, VRChat is experiencing a surge of negative reviews on its home platform, Steam, where players are quite unhappy that they will not be able to modify the game as they please.

The players’ issues with EAC’s implementation are quite understandable as well. Besides barring client modification, EAC will also stop the use of the most harmless mods, which have been a focal selling point in the VRChat community. Indeed, it has been the main draw of the social game, one that makes it more popular than its competitors, such as Facebook’s own Metaverse. The disappearance of its customizability is a serious point of contention amongst the community and something the developers will most likely see a significant backlash on.

VRChat is currently…


Court orders Apple to implement App Store changes, 2022 forecast, TikTok tries gaming – TechCrunch


Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

The app industry continues to grow, with a record 218 billion downloads and $143 billion in global consumer spend in 2020. Consumers last year also spent 3.5 trillion minutes using apps on Android devices alone. And in the U.S., app usage surged ahead of the time spent watching live TV. Currently, the average American watches 3.7 hours of live TV per day, but now spends four hours per day on their mobile devices.

Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus. In 2020, investors poured $73 billion in capital into mobile companies — a figure that’s up 27% year-over-year.

This Week in Apps offers a way to keep up with this fast-moving industry in one place with the latest from the world of apps, including news, updates, startup fundings, mergers and acquisitions, and suggestions about new apps and games to try, too.


Apple lost its request to delay App Store changes


A federal judge ruled this week that Apple can’t push back the deadline to update its App Store policies, as previously ordered in the court’s decision on California’s Epic Games v. Apple lawsuit. Though Apple largely won that case when the judge declared that Apple was not acting as a monopolist (as Epic Games had alleged), the court sided with the Fortnite maker on the matter of Apple’s anti-steering policies regarding restrictions on in-app purchases.

The original ruling stated that Apple would no longer be allowed to prohibit developers from pointing to other means of payment besides Apple’s own payment systems. But Apple wanted that decision put on hold until its appeals case was decided — a delay that would have effectively pushed back the App Store changes by a matter of years.

The judge heard Apple’s requests for a stay on the injunction…
