Following the news that:
Hackers Steal Session Cookies to Bypass Multi-factor Authentication
The article covers so much ground that it’s easy to lose sight of the most important facts.
Attacks can bypass a good defence. The old adage of bolting the doors but leaving the windows open springs to mind. For this reason, sessions should be managed very carefully, and access to data or resources should be re-authenticated despite being in a “secure” session.
Unfortunately, the main reason services do not re-authenticate is for fear of aggravating the user. Often the person in charge of the user experience is at loggerheads with the security person. In the end, the customer experience argument often wins out. I’ve heard of apps that maintain a session for 90 days or even longer!
Clearly any technology that lowers the authentication friction and increases the success rate of authentication will help the Customer Experience Manager live in harmony with the Information Security Officer.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.