Around The Web

INFORMATION WEEK
BlackBerrys Can Replace Eyeballs For Security Scans
RIM has revealed that certain of its smartphones are compatible with the IrisAccess retinal scanning system, allowing users to forgo an actual eye scan, tapping their device to the scanner instead. The technology is promoted as a convenience to users, although spokespersons have not commented on the virtues of subverting the biometric authentication process

GCN
DARPA: Dump Passwords For Always-On Biometrics
Citing the difficulties inherent in long, complicated passwords, the Defense Advanced Research Projects Agency has stated its intention to switch to behavior-based biometrics. Rather than rely on intermittent logins, the agency is looking at sophisticated always-on methods like mouse-movement patterns and typing patterns and speed

CSO
Auraya's ArmorVox Delivers Voice Authentication From The Cloud
Auraya, an Australian company, claims to have overcome many of the shortcomings of voice-based biometrics and created a product that will successfully verify 95% of users. The process takes little training, unlike previous attempts at voice authentication. Additionally, the system records the voices of those it deems impostors and uses that voice imprint to identify future attempts at unauthorized access

INFORMATIONWEEK
Biometrics Shore Up Patient Data Security
In the interest of locking down patient information more tightly, New York's Saratoga hospital has rolled out a biometric authentication system for its network assets. The system requires a fingerprint scan as well as a four-digit PIN before allowing access to data

SC MAGAZINE
O'Neill Picks SafeNet's Authentication For Mobiles
Clothing brand O'Neill has adopted SafeNet and MobilePASS to create a more multilayered approach to its authentication process. The move is expected to provide two-factor authentication covering mobile devices and traditional endpoints

COMPUTERWORLD
How GSA Is Securing Its Cloud Apps
The General Services Administration (GSA) has been at the forefront of federal agencies in promoting two-factor authentication. As the Obama administration pushes to lower IT costs through cloud adoption, the GSA uses smartcards and passwords to strengthen their security

ZDNET
Passwords Are The Weakest Link In Enterprise In Security: Study
To the surprise of very few, poor password policies and practices are the overwhelming cause of compromised networks, according to the Trustwave 2012 Global Security Report. Weak administrative credentials in the form of sickeningly easy-to-guess passwords are still old news, alarming mainly because such old news is still topical

CNET
Fork Over Your Facebook Log-On Or You Don't Get Hired. What?
Lawmakers in Connecticut, Maryland and Illinois have stood up to make it illegal for employers to require employees to surrender their user IDs and passwords to Facebook. While the practice is noisome, there isn't strong evidence that it is as widespread as grandstanding politicians would have you believe

WEBMONKEY
Mozilla's 'Persona' Project Wants To Help Manage Your Online Identity
Mozilla plans to build on its Browser ID project by launching Mobile Persona, a distributed online identity system that it hopes will shift end user's identity management activities from individual websites to the web browser itself

ZDNET
Identity: Yes, That's Your Security Perimeter Being Reinvented
As the enterprise security architecture leaks outside the perimeter, identity schemas will need to learn to evolve to adjust to distributed infrastructures, platforms, applications and devices, analysts with Gartner and IDC say

IMEDIA CONNECTION
The Importance Of Social Sign-On
Social media sign-on is increasingly driving business traffic to retail organizations willing to integrate with brands such as Facebook and Twitter

SEARCH SOA
Trust In OAuth Speeds App Development
OAuth is helping social media sites and other websites to build in an ad-hoc basis of trust to allow developers to integrate APIs with a better sense of security

WEBMONKEY
Future Chrome Version May Choose Your Passwords, and Change Them When You've Been Hacked
Google is currently looking into ways--likely to be coupled with the OpenID standard--to automate password changes when its Chrome browser detects a user has been compromised or had an account hijacked

THE REGISTER
Anti-Phishing DMARC Adoption Gathers (Free) Steam
The new email authentication specification--moving forward with the heft of Google, Microsoft, AOL, Facebook and Yahoo behind it--is expected to reach final revision by next summer and ratification within a year following that revision

SCI-TECH TODAY
Symantec O3 Offers Three Layers of Cloud Security
In conjunction with rolling out a new cloud information protection platform, Symantec is teaming up with Salesforce.com to offer users the opportunity to leverage their Salesforce identity to secure access to all of their cloud services and to implement two-factor authentication on Salesforce accounts

NETWORK WORLD
RSA To Build Authentication Into Apple, Android Phones
RSA is hoping to optimize its SecurID and Adaptive Authentication lines for mobile applications, leveraging anti-fraud technology to better secure mobile applications for risky payment use cases

APIGEE
OAuth For Your API
Advice and opinions about how OAuth can be used to improve the way applications and websites handle authentication, the differences between different flavors of OAuth and deployment considerations

INFOSECISLAND
Authentication: Who Are You And Why Are You Here?
A look at some of the biggest mistakes and best practices in identity and access management today

GUARDIAN.CO.UK
NHS Scotland Rolls Out Single Sign-On Solution
A medical system in Scotland is implementing a single sign-on system for access to patient systems, starting with its clinical applications for about 3,000 users

VENTUREBEAT
Centrify's Single Sign-On Secures Servers, Scores $16 Million
Focusing on single sign-on for both on-premise and cloud servers, Sunnyvale, Calif.-based Centrify now has a VC total of up to $52 million

Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.