In RSA's case, they did a lot wrong, which they undoubtedly realize as they churn millions of new SecurID tokens off the assembly lines. The design decisions and mechanisms that help mitigate the risk of a breach, limit its impact, and rapidly recover from it are the most important things to consider. Second, to butcher a Fight Club quote: "On a long enough timeline, everyone gets owned." Even RSA. While RSA's implementation of two-factor may be suboptimal, the event bolsters the argument for deploying two-factor rather than undermining it. The attackers targeting Lockheed Martin and company had to plan an entirely separate operation to compromise RSA's internal secrets to even get their foot in the door of the defense contractors.
However, I think there are a couple interesting points that can be drawn from the RSA breach:įirst, the RSA breach has shown that two-factor technology is incredibly effective. We haven't commented much on the RSA breach, primarily because, instead of ambulance chasing, we've been busy working on some technology to prevent RSA-style attacks from impacting our Duo Push authentication, which is the subject of today's post.
Please click on “Request Information” to find out more.Product & Engineering JJon Oberheide RSA-Proofing Our Duo Push Two-Factor Authentication Evergreen integration with Symantec VIP Access®, as well as core Finastra services such as Fusion Cash Management and Fusion Global PAYplus.Strategies supported include soft tokens authentication via Symantec VIP Access®.APIs available for user synchronization from bank applications, and token validation.Shared service that can be used across all bank applications.Fusion MFM has incorporated Symantec VIP Access® (Soft Tokens).Ībout Symantec VIP Access: Symantec VIP Access Manager helps you to create a single access point to protect your cloud and on-premise web apps via Single Sign-On (SSO) with VIP two-factor authentication. It offers consistent API across multiple MFA providers, enabling banks and fintech applications to switch between the providers with minimal to no changes. This has only been accelerated by COVID-19 with remote working and increased digitalization and self-service thus the Two Factor authentication has become the new norm in authentication process.Ĭurrently, banks are having to deal individually with vendors to integrate multi-factor authentication into their solutions, and switching multi-factor authentication vendors results in re-development of all integrated applications.įusion Multi-Factor Manager is an FusionFabric.cloud based, multi-tenanted multi-factor authentication API service that integrates with multiple providers supporting different authentication standards. Traditional username and password-based authentications are found to be insufficient – not just at login but also prior to critical transactions.
0 kommentar(er)
