After a slew of cyber security attacks since late 2021 on top US companies and federal agencies, the House Appropriations has made the critical decision to fund additional cyber security initiatives. Data breaches and theft are a serious problem that has plagued organizations and individuals alike, especially government institutions. This move is a potentially transformational step for the US that will enable them to advance private and public security technologies.

$15 Billion Allotment For Cyber Security

House Appropriations marked $15 billion for cyber security spending for the fiscal year 2023. These investments came as a response to President Biden’s executive order urging federal agencies to improve security standards. The executive order focuses on improving information sharing between government agencies and private sector companies and urging agencies to adopt a zero-trust policy that includes the FIDO Alliance specification, in addition to boosting preventative measures.

CISA or Cybersecurity and Infrastructure Security Agency, a civilian organization, received $2.9 billion, $417 million more than the amount requested by the Biden administration. This investment is bound to supplement key services that CISA provides to other federal agencies under the National Cybersecurity Protection System. Key services include continuous diagnostics and mitigation, endpoint detection, FIDO Webauthn and so on.

The House Appropriations has allotted $11.2 billion for the Defense Department, which comes with a request to study ways to collaborate more with CISA. Lawmakers asked the department to support CISA with responding to intrusions from Russia and China.

Other departments were also awarded funding aimed to help them improve their security capabilities, to support research and engineering, and even recruit and train future cyber security professionals (in the case of the National Science Foundation).

The different agencies awarded additional funding each have cyber security departments tasked with protecting them from security attacks. The additional funding allotted by the House Appropriations would empower these agencies. Strengthening the agencies’ cyber security capabilities would serve as the building blocks that would ultimately fortify the security of the nation.

Stronger Defenses For The Nation

As technology development continues to progress, cybercrime technology also evolves, making the need for modern cyber security to also evolve at a much faster rate. These risks and threats are becoming more and more complex, which is why Nok Nok Inc, along with the global FIDO Alliance, continues to push for safer cyber security measures to protect end-users. Our passwordless authentication through FIDO-based biometric authentication methods is a crucial step toward stronger security for organizations. Learn more about Nok Nok’s products here.

Apple has rolled out a new version of the iPhone’s operating system, the iOS 16. The latest version offers better innovations in design, customization, accessibility, and security with passwordless authentication.

Customizable Lock Screen

The iOS16 now allows for more customizable lock screens. Users can now set up a different wallpaper for their lock screen and home screen. They can also customize the font and widgets they want to see on their lock screen.

Improved Focus Feature

Apple has improved the Focus feature by allowing users to manually select the apps that they want to receive notifications from when the Focus function is active. Users can also customize who will get alerted.

Smarter Siri

Functions that were tricky to accomplish with Siri in previous versions were now improved for easier use of the voice assistant. Siri can now answer and end calls with simple voice functions. Texting with Siri has also improved as it can now automatically add punctuation so users don’t need to dictate them. Users can also add emojis by saying “emoji” and the description of the emoji.

Smoother Dictation

Switching between speaking and typing is smoother with the iOS 16. The keyboard stays open while you speak so you can use it anytime. Users can touch a text you want to replace and replace it with speech.

Additional Features To Live Text

Live Text now has added features that makes extracting information from multimedia more convenient. The new update enables the Live Text feature to recognize and copy text in images and videos. The new Visual Look Up feature allows users to lift a subject in an image and type it in any app. Apart from those, the update includes translation capabilities, a 15-minute undo, and currency conversions.

Writing Improvements

iPhone’s native keyboard was also upgraded with haptic typing for smoother and more efficient writing experience. Haptic keyboard feedback can be turned on or off separately. iOS 16 also features unending and editing in iMessages. The quick notes feature, which was first introduced in iPad OS 15, is now available in iOS 16 as well.

Passwordless Authentication Log In With Passkeys

Passkeys is a digital cryptographic authentication feature that stores the user’s passwords for various apps, websites, and services so they don’t need to remember so many passwords. Passkeys are local to a specific device, which are done in the background for iOS 16. Passwordless authentication protects users from cybercrime while remaining convenient for the users, which is why it’s no surprise that use of passkeys grew in 2020.

If you’re interested in passwordless authentication system, read here to learn more.

Digital-only banks, by providing banking services through digital platforms, offer convenience. However, the majority of consumers remain reluctant to shift to digital-only banks due to concerns on data security. In light of these concerns and the continuous cybercrime attacks on financial institutions, digital banks have a duty to strengthen their cybersecurity capabilities through passwordless authentication.

Data Security Woes

The US Consumer Affairs reports that cybercrime instances have doubled since the start of the COVID-19 pandemic. Since digital banking and e-commerce have become more commonplace in the past few years, data security issues have also increased for end-users. Cybercriminals have evidently begun to target end-users more often. Consumers are worried about password breaches, property theft, identity theft, and fraud, among others. Digital-only providers are, thus, at the forefront of the fight against cybercrime.

A survey by Pymnts.com revealed that the low-friction user experience offered by digital-only banks is enticing for consumers but the fear of cybercrimes is the number one deterrent. The distrust in digital-only banks is particularly strong among baby boomers and Gen Xers, but also exists among millennials. The good news, however, is that with such heightened awareness of the risks, consumers are more willing to forgo convenience for the sake of safety.

Fortifying Security With Passwordless Authentication

Cyber security has always been a primary concern for the finance sector. Financial regulators have established strict security standards for digital banking to ensure the safety of consumers. However, with ever-evolving methods and sophistication of cyber-criminals, cyber security capabilities must be strengthened continuously.

Strengthening cyber security capabilities for digital-only banks is no longer just about fortifying their organization’s internal data, but more importantly, focusing on protecting the end-users. Knowledge-based authentication have proven to be quite insecure, and less secure over time. Consumers often struggle with creating and remembering strong passwords, the ease with which hackers can decode passwords, in addition to techniques like phishing where users could unknowingly reveal their usernames and passwords, making this security and authentication method a thing of the past.

Passwordless authentication is a modern type of authentication that uses public-private encrypted keys combined with device biometrics to replace knowledge-based authentication. A global alliance known as FIDO supports a set of passwordless authentication standards that leverage public-private key pairs. While the public key is shared with a service, the private user key remains safe as it is protected by the user’s PIN or biometrics, such as a fingerprint or facial recognition.

Passwordless authentication is incredibly convenient for end-users but also among the safest and most secure methods for consumers or employees. If you’re interested in strengthening your organization’s cyber security capabilities, read more about Nok Nok’s industry-leading FIDO platform.

“Cloud computing” and “cloud-based applications” continue to provide many significant benefits to corporate-level digital activities. Transferring computational and even software needs online in “the cloud” offers companies many cost and operational benefits. Businesses that use cloud computing can achieve their computational needs online without needing to purchase hardware. Often, that cloud-based computational power exceeds what they could afford if they had to buy their own equipment.

At the same time, could-based storage and applications mean that executives and employees no longer have to retrieve data or work on only one machine at a home office. The data and software are always available online, provided staff has the right equipment and clearance to access it.

However, with these tangible work and cost benefits come new concerns such as security.

IT Experts Are Worried About Cyber Security

The ease of access to online data or applications also means that while staff can access their data or software anywhere, potentially from any online-enabled device, this also raises the possibility that criminals can too. Cloud-based storage and computing require extra cyber security considerations, but in a survey conducted across 1500 IT personnel by the Ponemon Institute, 60% of IT and security leaders lacked confidence in their organization’s ability to correctly handle the extra requirements of cyber security that cloud-based operations require. 59% of respondents cited account takeover or credential/ID theft as the top cyber security risk.

Many IT personnel are finding that traditional legacy security methods such as a single-password system are no longer sufficient to enforce modern security needs, especially now that multiple devices can access the same account. New protocols, such as Zero Trust Network Access, employ newer safeguards, such as multifactor authentication, that add extra, more secure levels of access and, in some cases, eliminate the need for passwords entirely, using biometrics, passkey systems, and other mechanisms that don’t require a user to memorize something to get access to an account or data.

A More Secure Future

As more operations shift to a cloud-based architecture, organizations must accompany this shift with an appropriate reinforcement of cyber security. New multifactor security concepts can do away with the vulnerability of a single-password system and eliminate the inconvenience of a long string of alphanumeric characters to try to offset that vulnerability. Groups like the Fast Identity Online Alliance or FIDO are helping to standardize this transition and make it easier and more interoperable for enterprises to get there. If you’re interested in using the FIDO protocol and moving to a passwordless authentication system, read here to learn more.

In the past, the traditional forms of digital security consisted of a single password for authentication. While convenient in that single passwords are easy to implement and verify, this system was also vulnerable and even inconvenient in other ways. Those vulnerabilities are becoming more apparent as companies move to cloud-based computing and applications, but fortunately, there is a solution like passwordless authentication.

The Password Problems

First, there is the issue with passwords themselves. The weakest security protocol right now is a single-password system because it means that stealing or guessing a password, complete access to data, or complete control of an account is a given. One workaround is to use “strong” passwords that are long, random strings of alphanumeric characters, making them hard for users to remember. So some, due to “password fatigue,” ignore this guidance for convenience. The other solution is to have many passwords to handle different aspects of a system, but due to the number and complexity of passwords, this often requires a passkey manager, which adds an extra layer of interference.

This has resulted in predictable ways to steal passwords. 80% of the data breaches that occur are usually the result of either “phishing,” which tricks users into volunteering passwords through fake emails, phone calls, or other forms of social engineering, or man-in-the-middle attack, which involves spying on a user and monitoring their access activities to steal passwords when they type them in.

The Passkey Arrives For Passwordless Authentication

The passkey concept is a comparatively new idea in digital security, but it brings a lot of promise for passwordless authentication. It is a feature being implemented by companies like Apple, Google, and Microsoft in collaboration with the FIDO alliance that creates strong, cryptographic keys generated for you for easy passwordless authentication. Users that find apps that accept passkeys can have passkeys created for every username or account. That passkey is automatically entered with just one touch, similar to the autofill or auto-correct functions for text entry.

The system even allows people to log in to other devices that don’t have a user’s account or passkey system present. All it takes is activating the passkey feature that then creates a QR code that a user’s phone scans so the passkey on the phone can verify and authenticate everything. It’s just one more way that security is working on more durable systems that can eliminate phishing and man-in-the-middle attacks while making passwordless authentication simple and easy for people to use. If you’re interested in using the FIDO protocol and moving to a password-free system, read here to learn more.

Through its own primary research, Nok Nok has been aware that limited business data exists about the state of today’s system-level authentication processes and its relation to the business impact of authentication failures. As the first initiative of its kind to address this gap, the Ponemon Institute, working with Nok Nok, launched an industry survey of businesses with current digital transformation projects underway.

The key finding of this Ponemon Study is that there exists a gap between IT security and line of business managers in understanding the various risks and impacts facing their organizations from authentication failures. 

Learn The Costs Of Authentication

This is one of the major takeaways from a study called “The Costs of Authentication Failure and Negligence,” conducted last summer by the Ponemon Institute for Nok Nok. According to this research where more than 1,000 corporate participants were interviewed,  it’s not just a customer inconvenience that arises from authentication failures. Organizations are spending on average $3M annually on these failures and the maximum single loss ranges from $39M to $42M. 

These losses include costs associated with downtime and business disruptions while security teams resolved various issues, loss of customers and the lingering effects of poor brand perception. On a corporate scale, the severity of system-level failures grows enormously. It’s one thing if one customer can’t remember a password, but quite another thing if many can’t. Similarly, one person with a seized account or data held for ransom is bad, but an entire organization is catastrophic. The most common reason for these breaches is authentication failures, such as clients taking their business elsewhere due to being unable to remember password guidance or simply being unwilling to comply and going to an organization that offers more convenient but less secure protocols.

This masterclass is hosted by Nok Nok and presented by various experts in the industry, including:

Larry Ponemon, Founder & Chair Ponemon Institute

Phil Dunkelberger, President & CEO, Nok Nok Labs

Jim Delli Santi, VP Marketing & Strategic Initiatives, Nok Nok Labs

Close to half of those surveyed agreed that authentication failures represent a significant security challenge for their companies, and preventing these failures is difficult because today’s MFA solutions negatively impact user experience. And sadly, more than 60% of the respondents detect more than ten monthly authentication failures, with an average downtime experienced by the respondents with these failures is about six hours a month. 

There are several reasons for authentication failures, according to the survey respondents. 

First, criminals using stolen credentials are hard to identify and distinguish from actual employees. Only 13% of the respondents said that it was either easy or not difficult to find the miscreants. About a third of the respondents say their companies have good visibility into credential theft attacks. The survey considered thefts of the user’s actual password rather than random guesses, using that account to make fraudulent purchases or other transactions, and steal confidential data. 

Second, only 19% feel that they have a high level of control over their authentication processes. Next, a total of 33% think that more than half of these failures remain undetected, and two-thirds claimed that the frequency (and 55% for the severity) of these failures has increased in the past year. 

Sign up for the masterclass to gain even more valuable insights about the costs of authentication failures. If you’re interested in learning about the FIDO protocol and moving to a password-free system, read here to learn more.

Apple, the ever-popular alternative to PC-based systems, has announced a slew of new features for its latest operating system update, macOS Ventura. The newest upgrade expands the convenience and functionality of Mac computers for users and introduces many more ways to secure data and devices with passwordless authentication.

Multi-Task Management

For users that need to hop back and forth between different windows on different applications and software, “Stage Manager” is one of the tweaks that can help users to stay focused and on track. Now the primary software being used is displayed as a centralized window, but others that are also “in play” at the moment appear as secondary windows on the side for easier access.

Mail has also been overhauled, with a big upgrade to organization and search features. Email contacts, mail itself, or even specific attached documents or photos can be easily retrieved now. Users can even set reminders to reply to or revisit certain emails within a specified period.

Device Interconnectivity

The new OS is also specifically designed to recognize the presence of an iPhone, even wirelessly. “Camera Continuity” is a new feature that allows macOS Ventura to use an iPhone as a web camera and can connect wirelessly to these devices for use. Users can mount their iPhones on their computer or continue to go handheld as they prefer, with smart features that can dim light or accentuate facial features.

Cybersecurity With Passwordless Authentication

Perhaps most importantly, macOS Ventura has new security features that make device usage safer than ever. Safari browser users can now enjoy a passwordless authentication feature called “passkeys.” Passkeys are digital keys that remain local to a specific device. These passkeys can only be unlocked through different passwordless authentication features based on user availability or preference.

Apple already has different forms of passwordless authentication for users to employ based on biometrics. So whether it is Touch ID or Face ID, users don’t have to worry about memorizing a long, difficult string of random alphanumerics. iCloud Keychain allows this same security to sync across devices like a Mac, iPhone, iPad, or Apple TV, with end-to-end encryption. This security even extends to other non-Apple websites, apps, or even non-Apple devices using an iPhone. 

These steps bring Apple users one step closer to an even safer digital experience that strongly repels attempts at identity theft without requiring inconvenient steps or measures to be taken. If you’re interested in using the FIDO protocol and moving to a passwordless authentication system, read here to learn more.

Biometrics is a form of password-free authentication that, instead of relying on typing out a memorized word or phrase, uses unique personal characteristics to confirm identities, such as the face, the voice, or even a fingerprint such as a thumb. Biometrics have slowly integrated into financial transactions, and a new study indicates that this trend is set to grow explosively.

Biometric Banking

According to Juniper Research, financial transactions through biometric authentications are set to exceed one trillion dollars by 2027. When it comes to remote payments, especially through mobile devices, PIN numbers and passwords are still dominant; with biometrics slowly integrating into mobile devices like smartphones and tablets, the current transaction amount is estimated to be approximately $332 billion.

This means that if the Juniper Research estimates are correct, remote payments through the use of biometrics are expected to rise by about 365% within the next five years.

Growth By Necessity

There are several reasons that this growth in biometrics is occurring. The chief driver is convenience. Biometrics is fast and easy. It doesn’t require a person to memorize a long string of random alphanumeric characters just to have a “strong” password. That ease is being capitalized on by large technology companies, such as Apple, that incorporate biometrics into financial software such as Apple Pay, making it an easily accessible, easy-to-use payment alternative for Apple users.

The other factor is government intervention. The European Union, for example, has a “Second Payment Services Directive” (PSD2) that is putting a renewed emphasis on cybersecurity. Strong Customer Authentication, or SCA, is a part of this directive, and that also means multi-factor authentication that doesn’t rely solely on a password for access. Biometrics is an important component in meeting these standards.

Another factor contributing to the wider implementation of biometrics is FIDO, or the Fast Identity Online alliance. Formed in 2013, this alliance of industry experts is committed to reducing the reliance on passwords and promoting a standardized protocol.

FIDO recently got a shot in the arm with an official announcement from major tech companies Microsoft, Apple, and Google, all announcing broad support for FIDO standards, with an intention to make them more widespread in technology. That initiative is going into deployment as quickly as next year and will continue to become more widespread.

Biometrics is a fast, secure, and more convenient way to authenticate without using passwords. If you’re interested in using the FIDO protocol and moving to a passwordless authentication system, read here to learn more.

Personal finances are more accessible than they’ve ever been. The average consumer has now gone from being limited to using a bank branch when it’s open, to using automated teller machines 24/7 at specific locations, or accessing bank accounts at home on a computer or on the go with a mobile device such as a phone or tablet. However, ensuring that a customer’s money is safe has required more stringent security measures. This is where things can get complicated unless better, more convenient measures like modern biometric authentication are implemented.

Protecting Money

Accessing bank accounts in the past required visiting a bank branch and filling out forms while presenting bank books and other documents that verified identity. However, in the digital world, the mainstay for accessing personal finances has been the password. According to PYMNTS.com, 64% of people who access their financial data do so using a traditional username/password combination at least once a month.

Unfortunately, passwords can be an extremely weak form of security, depending on the individual choice. Through ignorance or neglect, some people choose passwords that are easy to guess, leaving their financial data vulnerable to unauthorized access. The solution is to use a “strong password” and username, which typically consists of long strings of random alphanumeric combinations to make guessing impossible. Unfortunately, this also makes the passwords extremely difficult to remember, making this method incredibly inconvenient.

Making Things Easier

This is where FIDO biometric authentication methods can have a huge impact. According to PYMNTS.com, over 60% of consumers surveyed are willing to try a system other than traditional username/password mechanics. This jumps to over 73% for consumers who access online financial services across multiple mobile devices.

Biometric authentication, rather than memorization of a username and password, uses the individual’s unique characteristics that can’t be exploited through guessing. Those characteristics may be the face, fingerprints, voice identification, or other factors. However, the key feature is that a face can’t be “guessed.” Just because a thief may know what a person looks like, that knowledge doesn’t help them access a system that requires a person’s face. When combined with other mechanisms, such as USB encrypted keys, or multiple forms of biometric confirmation, this can form a multifactor authentication system that is faster than inputting a username and password and more convenient since it doesn’t require memorization.

As more and more people move to a model of accessing data across multiple platforms and devices, better, faster, stronger security systems are needed.

If you’re interested in using the FIDO protocol and moving to a passwordless authentication system, read here to learn more.

Certain types of software are ubiquitous. Microsoft Windows is found on millions of computers worldwide, while Google Chrome is the preferred default search engine for many people. The Java programming language is another such digital tool that has been widely used in everything from mobile software to web-based applications and even middleware that many businesses rely on. Unfortunately, this very ubiquity with software can work against itself in some cases, and cyber security is one of them. A major vulnerability has been discovered in the Log4J logging utility, a favorite of Java developers.

What Is Log4J?

The Log4J utility is one of the most popular developer tools in the Java software world. It is a Java-based, open-source logging utility. It can be programmed to track and report “events,” such as errors so that developers can monitor and eventually address flaws in software. Because of its ease and usefulness, the Log4J utility has been embedded in a huge range of different software, especially for the hundreds of millions of mobile devices in which this embedded software is present.

Unfortunately, a vulnerability has been found in the Log4J utility and because Log4J is so ubiquitous, this has created a severe cybersecurity threat.

Significant Loss Of Control In Cyber Security

The Log4Shell vulnerability has been given a common vulnerability score of 10, which is the most severe designation in terms of threat. Specific examples of exploitation with this cyber security vulnerability include DDOS attacks, remote seizure, control and execution of applications, auctioning access to corporate networks to the highest criminal bidder, and even partitioning of digital resources in a network for the mining of cryptocurrency.

Why It Happens

The Log4Shell vulnerability is the latest example of the struggle between cost and safety. The most cost-efficient approach in software is to use existing resources, sometimes even older ones, rather than internally creating a unique, bespoke solution. However, while this lowers costs, older applications and processes also tend to be more vulnerable compared to the newest application or tool, which, while more expensive, is also far more resistant. Every company wrestles with how much is too much to spend on security.

Now companies are scrambling to identify, address and patch this vulnerability, but it showcases the ongoing need to maintain modernized security measures. New software, new upgrades, and new user control systems such as passwordless identity and authentication reduce the chance of a critical vulnerability being found and exploited because modern passkeys offer phishing resistant, user-centric security.

If you’re interested in using the FIDO protocol and moving to a passwordless identity and authentication system, read here to learn more.