FIDO2 is basically password-less login from web browsers to Cloud. Microsoft has delivered to his promise of password-less login by introducing native FIDO2-based authentication to Windows 10 and Azure AD, at the same time in July 2019. Instead of Password Login, users can use Password-less login to Windows and no additional sign on to Azure AD or...Continue reading
FIDO2 Protocol
FIDO Alliance FIDO alliance, standing for “Fast IDentity Online”, is an organization to promote standard protocols (set of rules for telecommunications and computer networking) between terminals and cloud. FIDO's goal is to achieve "Password-less World", since more than 80% of today's cyber attacks involves users passwords and multi factors authentication (MFA) can protect more than...Continue reading
FIDO is OK for Internet Banking?
Internet banking system with FIDO authentication was invetigated by Institute for Monetary and Economic Studies, Bank of Japn. As a conclusion, FIDO is secure enough, but the related processing such as FIDO registration by use of old ID data and related transaction regarding money transfer might have risk for cyber attacks. Hidemitsu Izawa, Hidehito Gomi,...Continue reading
Attack against Password recorded in Browsers
There is an auto-complete function that allows the browser to remember the password when logging in to a website or app. ACOT editor run one of free software for analysing his web browsers records in his computer. All his secret credentials are shown at a moment. Please be careful to use this function. There is...Continue reading
Attack against 2 Step Verification
Two-step authentication is a popular method of authenticating with the server by sending numerical values from the PC to the smartphone's email and SMS in the second step as well as the user name and password in the first step. The first step is authentication using the user's knowledge, and the second step is the...Continue reading