This post explains how to integrate G Suite with Azure Active Directory (Azure AD). By integrating Azure AD with G Suite, users in Azure AD can log in to G Suite without authentication. G Suite is included in the Azure Gallery SaaS apps, so the integration configuration is described in the "Microsoft Tutorial document". By use of FIDO2...Continue reading
Month: December 2019
Secure Element (SE)
There are several kinds of secure processing hardware for protecting data and code, such as (1) the Secure Element (SE) in smart cards, SIMs and ThinC-AUTH, (2) the Trusted Execution Environment (TEE) in ARM processors in smartphones, and (3) the Trusted Platform Module (TPM) in PCs. Which hardware is employed depends on the requirements of the usage. ThinC-AUTH is using SE...Continue reading
Smartphone Vulnerability
I was recently interviewed about passwordless login. The topic turned to the realization method of FIDO2. I explained the classification into hardware FIDO2 and software FIDO2. In addition, I explained that the method using smartphones is quite low in security due to the vulnerability of smartphones. There was a question from the...Continue reading
FIDO2 Security Key ThinC-AUTH
ThinC-AUTH is a FIDO2 Security Key with which users can log in to the Cloud without passwords. Ensurity Technology has developed ThinC-AUTH to achieve a password-less world in cloud applications. It was officially certified by the FIDO Alliance and Microsoft Corporation in 2019. Users can use any PC terminal to log in to the Cloud through browsers. Platform login for Windows is...Continue reading
Password-less SSO to Web Applications
If users log in to the Cloud with FIDO2, they can sign on (SSO) to Web Applications without any additional authentication. SSO without passwords must be adopted for this purpose. SAML is the most useful protocol today, making use of PKI (Public Key Infrastructure) technology. Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization...Continue reading
Windows Login with Password-less
FIDO2 is basically password-less login from web browsers to the Cloud. Microsoft delivered on its promise of password-less login by introducing native FIDO2-based authentication to Windows 10 and Azure AD at the same time, in July 2019. Instead of password login, users can use password-less login to Windows, with no additional sign-on to Azure AD or...Continue reading
FIDO2 Protocol
FIDO Alliance. The FIDO Alliance, whose name stands for “Fast IDentity Online”, is an organization that promotes standard protocols (sets of rules for telecommunications and computer networking) between terminals and the cloud. FIDO's goal is to achieve a "Password-less World", since more than 80% of today's cyber attacks involve user passwords and multi-factor authentication (MFA) can protect more than...Continue reading
FIDO is OK for Internet Banking?
An Internet banking system with FIDO authentication was investigated by the Institute for Monetary and Economic Studies, Bank of Japan. The conclusion is that FIDO is secure enough, but related processing, such as FIDO registration using old ID data and transactions involving money transfer, might be at risk of cyber attacks. Hidemitsu Izawa, Hidehito Gomi,...Continue reading
Attack against Password recorded in Browsers
There is an auto-complete function that allows the browser to remember the password when logging in to a website or app. The ACOT editor ran a piece of free software for analysing the web browser records on his computer. All his secret credentials were shown in a moment. Please be careful when using this function. There is...Continue reading
Attack against 2 Step Verification
Two-step authentication is a popular method of authenticating with the server in which, in addition to the user name and password in the first step, numerical values are sent from the PC to the smartphone's email and SMS in the second step. The first step is authentication using the user's knowledge, and the second step is the...Continue reading