

12/27/2011
06:25 PM
Dark Reading
Products and Releases

SecurEnvoy Welcomes Windows 8 Photo-Login Security, But Encourages Authentication

Cautions that pictorial login technology could be a disappointment

Reading (UK), 22nd December 2011: SecurEnvoy has welcomed news that Windows 8 will offer users the opportunity to log in using a gesture-authenticated photo, but cautions that pictorial login technology may come as a disappointment to some users.

According to Steve Watts, co-founder of the tokenless two-factor authentication specialist, Windows 8's pictorial authentication will rely on the accuracy of the touch screen device, as well as the accuracy of the user's gestures when logging in.

"Microsoft's move is, however, definitely a step in the right direction - especially against the backdrop of PINs and passwords being hackable using a variety of cybercriminal methodologies," he said.

We should remember, though, that users demand the flexibility to connect from any device anywhere, not just from their Windows 8 laptop. They may wish to travel light and connect to the office on their iPad, smart phone or just use the hotel lobby browser.

This level of connectivity demands a zero footprint authentication solution such as tokenless two-factor authentication.

"The reality is that the precision, irrefutability and convenience of tokenless two-factor authentication makes this form of security a far better choice for most users, especially since they can use their smartphone to authenticate themselves," he added.

Despite the limitations of the planned Windows 8 authentication system, the SecurEnvoy co-founder says that he welcomes news that the new Microsoft operating system - due to arrive in Q3 2012 - will feature a photo-based pictorial login system, as it will help to spread the word that there is more to login security than tired old PINs and passwords.

Watts argues, however, that while using your own photo on a lock screen may sound like an ideal alternative to a PIN or passphrase entry system, some users may also find that the system is far from secure when using their laptop in public places.

Pictorial login systems, he explained, can easily be seen in a busy railway or airport café by someone visually eavesdropping on your laptop from the next table. Using a mobile phone to authenticate yourself, on the other hand, is a far more secure process, as it uses something you have and something you know to verify you are who you claim to be.

Put simply, says Watts, if someone shoulder surfs your login using the new Windows 8 security system, then they effectively have access to your computer.

"So whilst we welcome this alternative to the tired old PIN and password system that has been proven to be less than secure as a means of logging in, we feel that the message about tokenless two-factor authentication also needs to be made," he said.

Clearly the ideal authentication strategy is a combination of both: pictorial login when you want to log in to your PC, and tokenless authentication when you need the higher levels of security demanded when accessing your office remotely.

For more on SecurEnvoy: http://www.securenvoy.com

For more on Windows 8 photo-login security: http://cnet.co/tEmM0G

About SecurEnvoy

SecurEnvoy is the trusted global leader of tokenless two-factor authentication. SecurEnvoy lead the way as pioneers of mobile-phone-based tokenless authentication.

Their innovative approach to the tokenless market now sees thousands of users benefitting from their solutions all over the world. With users deployed across five continents, their customers benefit from significantly reduced time to deploy, and a zero footprint approach means there is no remote software deployment and administrators enjoy the management tools allowing them to rapidly deploy up to 20,000 users per hour.

Making significant growth in every region, SecurEnvoy and partners have expanded its revenue by over 100% year on year with customers in Banking, Finance, Insurance, Government, Manufacturing, Marketing, Retail, Telecommunications, Charity, Legal, Construction. Their partners include Juniper, Citrix, Fortinet, Sonic Aventail, Cisco, Checkpoint, Celestix, Microsoft, F5 and others.

For more on SecurEnvoy visit www.securenvoy.com
