Research, news and updates on cybersecurity and fraud
On 09/14, PSD2 SCA requirements were introduced in the EU. It will help protect customers but why did they not consider lower-customer-friction options?
As of Sept 1st, 2019, businesses based in New Jersey are now required to notify impacted users of online account information exposed in a data breach.
Many businesses are still troubled by GDPR compliance and are confused about how the regulation applies to password policy.
NIST 800-63b password guidelines can improve user's experience with passwords, including the guideline to stop forcing periodic password resets for users.
Law firms are frequently targeted by hackers but the ABA's Formal Opinion 483 will guide law firm cybersecurity policy to protect firms and their clients.
Many have implemented MFA ahead of the new PCI requirement. Let's look at PCI's multi-factor implementation guidance that highlights some considerations, particularly around passwords that may otherwise be overlooked.
The big changes to NIST password recommendations we’ve been talking about are now official: NIST 800-63 is final. It’s important to know that this overhaul is about more than just passwords. It’s a full reworking of digital identity guidelines with a suite of new documents and a flexible approach to using them.
NIST suggests passwords should be screened against commonly-used, expected, or compromised passwords. This is intended to ensure passwords are not found in common cracking dictionaries that would make them easy to guess. These checks can occur at account creation and password reset. But then what? How do you know if they are still safe after time?
The US National Institute of Standards and Technology (NIST) just finalized new draft guidelines, completely reversing previous password security recommendations and upending many of the standards and best practices security professionals use when forming policies for their companies.