Posts Tagged ‘two factor authentication’

Over 600 Data Breaches this Year, Has Your Password Been Compromised?

By DynaPass Inc. on October 26th, 2015

DynaPass Inc. is a provider of out-of-band two factor authentication online security solutions via a mobile phone.


2014 saw a record number of data breaches, the United States alone having experienced 783 breaches with over 85 million confirmed record exposures according to the San Diego, California based Identity Theft Resource Center. If that was not bad enough, between January and October of this year, the U.S. has been plagued by more than 600 reported data breaches and the confirmed exposure of over 175 million records. How certain are you that your log-in credentials are safe?

In an effort to get the public to recognize the importance of cyber-security, the Department of Homeland Security and President Obama went out of their way to designate October as National Cyber Security Awareness Month in an attempt to get the public to acknowledge the threat posed by cyber criminals. It’s not just the genius hacker types that we need to be concerned about. According to the FBI’s Blog “sometimes using the least sophisticated means necessary cyber criminals can obtain passwords”. How many of your own passwords could be easily guessed based on your interests or significant dates in your life? How many of your different accounts use the same or similar passwords, so that one compromised password could snowball out of control? One example of a readily available cybercrime tool is a keystroke logger, a piece of software that will run in the background of your computer and log all your keystrokes to send back to the criminal. With a log of all your keystrokes, criminals can easily figure out your passwords. Keep in mind, this is just one of many similarly easy ways by which criminals may discover your passwords. If passwords aren’t secure anymore, what are we supposed to do to protect our data?

The FBI’s first advisory post for National Cyber Security Awareness Month put it quite clearly, “it is important to add another level of protection between the cyber criminal and you…Two Factor Authentication adds that 2nd layer of protection.” Two Factor Authentication, or 2FA, is a technology that increases security by incorporating requirements beyond something you know (your password). The second factor of authentication can be any number of things: a biometric test, a physical security token, your physical location data, or even something as easy as a secondary password sent to your mobile phone. At first glance it may seem that many of these 2FA options are equal. However, the real-world truth is that the cost of setup and maintenance of hardware for biometrics and security tokens can be prohibitive, while physical location requirements just may not be feasible for many applications. These issues can make implementing two-factor authentication a daunting task.

DynaPass’ patented method provides 2FA by utilizing users’ mobile phones to send them a one-time use password via text message. By leveraging something so commonly used as a text message, DynaPass can increase your authentication confidence without adding maintenance costs or unnecessary complications to workflow.

5 Tips for Cyber Security

In the spirit of National Cyber Security Awareness month, we have provided a few tips to keep you safe online.

1. Think before you click. Healthy suspicion and being a bit skeptical will go far in keeping you secure.
2. Use a well-documented, reliable security suite. Good anti-virus software and browser/network security are essential.
3. Keep your software updated. Updates often include security upgrades that close newly discovered weaknesses.
4. Use strong passwords and avoid using the same password across different sites. Your best option is a long and seemingly random string of characters. Password managers can help you keep different passwords in order.
5. And always remember, if two-factor authentication is available, make sure that you have it enabled.

Multi-Factor Authentication Market To Grow 17.3% Year Over Year, Worth $5.45 Billion by 2017

By David Tran on December 11th, 2012

According to a recent multi-factor authentication market research study published by MarketsandMarkets.com, the multi-factor authentication market is expected to reach $5.45 billion by 2017.  It is estimated that between 2012 and 2017, the year over year growth rate of the multi-factor authentication market will be 17.3%.  A key factor contributing to the fast growth of the multi-factor authentication market is the rising number of regulatory compliance requirements.  The global multi-factor authentication market has also seen significant growth in the popularity of phone based authentication solutions.

Phone based authentication solutions such as DynaPass’ two factor authentication solution are growing in popularity because they are easy to implement, cost efficient, reliable, and most of all secure.  Since mobile phones are owned by over 85% of the U.S. population, users implementing phone based two factor authentication do not need additional hardware besides a mobile phone and there is no need to install software on their computer or phone.  Two-factor authentication, also called strong authentication, is a federally mandated method for user authentication when protecting sensitive information in industries such as finance, education, and healthcare.

For example, last year the FFIEC supplemental guidance outlined the blueprint for the security levels that financial institutions need to combat fraud and succeed in the competitive banking environment.  At the core of those requirements is customer authentication.  The guidance doesn’t outline a single type of authentication solution across all channels, but multiple security tools that give all channels true multiple layers of authentication, whether customers pay online or request bank transactions over the telephone.  DynaPass’ phone based two factor authentication allows users to receive a one-time password via SMS text message to their mobile phone to authenticate them.  This satisfies the “something you have” category, an essential component of the FFIEC’s multi-factor authentication paradigm that requires banks to have at least two of the categories for customer authentication, including: “something you know” (password, pin number), “something you are” (fingerprint, DNA, retinal pattern), and “something you have” (ID, ATM card, security token, mobile phone).

According to research firm Frost & Sullivan, people using mobile banking services will increase from 12 million in 2009 to 45 million by 2014.  This means that financial institutions operating without a secured environment will not be able to keep their customers who will move over to their competitors that have security features such as DynaPass’ phone based two-factor authentication.

The two-factor authentication model covers almost 90% of the market for multi-factor authentication, and three-, four-, and five-factor authentication models are less used when compared to two-factor authentication.  The multi-factor authentication market is spreading across all industries where security is a concern.  Currently, America is the biggest multi-factor authentication market with Europe and APAC following behind.  Phone based two-factor authentication is the security method of choice for many users and will continue to be since it is easily deployable, cost efficient, and effective.

Achieve HIPAA Compliance with DynaPass Out of Band Authentication

By David Tran on May 29th, 2012

The United States Congress introduced the Health Insurance Portability and Accountability Act (HIPAA) of 1996 to address the need for security standards and to protect the confidentiality and integrity of private health information.  HIPAA affects health care organizations by requiring mechanisms to be put in place to control the privacy and security of sensitive patient data stored and exchanged electronically.  HIPAA also affects health care organizations by encouraging the conversion of traditional paper based health care information systems to electronic health care information systems through a standardization of all shared electronic information to make healthcare more effective and efficient.  HIPAA also mandates that the design and implementation of these electronic health care information systems protect the privacy and security of individuals’ health information.  HIPAA X12 standards, version 5010, is a new standard that regulates the electronic transmission of specific health transactions.  Entities that need to conform to HIPAA are health plans, health care clearinghouses and any health care providers that transmit health information in electronic form.  The compliance date for use of these new HIPAA X12, version 5010, standards is January 1, 2012.  The HIPAA Act of 1996 required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop rules known as the HIPAA Privacy Rule and the HIPAA Security Rule.  Within the U.S. Department of Health and Human Services (HHS), the Office of Civil Rights (OCR) is responsible for implementing and enforcing the privacy and security rules.

HIPAA Privacy Rule

The HIPAA Privacy Rule establishes a set of national standards to protect medical records and sensitive health information.  This rule addresses the use and disclosure of individuals’ protected health information (PHI) by organizations subject to the privacy rule.  An increasing number of organizations are utilizing new forms of health information technologies (HIT) which usually involves the transition of PHI from paper to electronic form.  A major purpose of the privacy rule is to define and limit how organizations can use or disclose PHI.  Under the privacy rule, organizations must develop and implement policies and procedures that restrict and limit access of health information based on specific roles of members of the organization’s workforce and they must limit uses and disclosures of the information to the minimum necessary to accomplish their intended purpose.  Many health care providers are adopting electronic health records (EHRs) to enhance the effectiveness and efficiency of the health care they deliver.  The privacy rule became effective on April 14, 2001 and most health plans and health care providers had to comply with its requirements by April 2003.

HIPAA Security Rule

The HIPAA Security Rule is a set of national standards that protects medical records and sensitive health information that is held or transferred in electronic form.  One of the major goals of the security rule is to protect the privacy of health information of individuals while allowing organizations covered in HIPAA to adapt to new technologies to improve the quality and efficiency of health care.  The security rule requires covered entities to maintain appropriate administrative, technical and physical safeguards for protecting electronic protected health information (e-PHI).  Under the security rule, organizations must ensure the confidentiality, integrity and availability of all e-PHI that they create, receive, maintain and transmit.  Organizations must be able to identify and protect against anticipated threats to the security of the information and also protect against impermissible uses or disclosures of this information.  Organizations must also ensure that e-PHI cannot be accessed by unauthorized persons and that their workforce complies.  Identifying and protecting against anticipated threats and uses is also a requirement of the security rule that organizations must follow.  The security rule became effective on February 20, 2003 and most health plans and health care providers had until April 2005 to comply with its requirements.

DynaPass® Out of Band Authentication Technology (U.S. Patent #6,993,658)

DynaPass’® patented out-of-band authentication method generates a one-time password (OTP) and utilizes a user’s mobile device as a way to authenticate them.  This works by sending an OTP over SMS to a user’s mobile device.  By leveraging DynaPass’® out of band authentication platform, members of an organization’s workforce authenticate themselves before accessing protected health information, which prevents unauthorized users from accessing it.  An organization can also limit the access of these members by assigning limitations depending on their roles within the organization, which likewise prevents unauthorized users from accessing the information.

Traditional methods of accessing health care data remotely such as using a login and password can be easily compromised by phishing attacks, malware and man in the middle attacks (MITM).  Health care organizations can combat these attacks by utilizing two factor authentication, also called strong authentication, along with DynaPass’® out of band authentication to authenticate users and block unauthorized users trying to access this health information.  By combining login credentials along with DynaPass’® out of band authentication platform, organizations can add another layer of security to protect against attacks and data breaches.  A user is authenticated by entering their login credentials within an online portal; a secure centralized server then generates an OTP and sends it to the user’s mobile device on a separate channel, which is a true method of two factor authentication.  By using two factors to authenticate a user, something that a user knows (login credentials) and something that a user has (mobile device), we believe that unauthorized access to health information will be reduced, and organizations will be able to more confidently and securely store and access their health information in electronic form.
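The server side of the second step described above can be sketched as follows. This is an added illustration, not DynaPass’ patented method or code; the `send_sms` callback, the 5-minute lifetime and the 3-guess limit are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed lifetime of an issued code
MAX_ATTEMPTS = 3       # assumed number of guesses allowed per code


class OtpStore:
    """Pending one-time passwords, keyed by user (in-memory sketch)."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms          # hypothetical SMS gateway callback
        self._clock = clock
        self._key = secrets.token_bytes(32)
        self._pending = {}                 # user -> [tag, expires_at, attempts_left]

    def _tag(self, code):
        # Keyed hash: a copy of the store alone does not reveal the codes.
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def issue(self, user, phone):
        """Call only after the password (first factor) has been verified."""
        code = f"{secrets.randbelow(10**6):06d}"   # 6 digits from a CSPRNG
        self._pending[user] = [self._tag(code),
                               self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_sms(phone, code)        # delivered on the second channel

    def verify(self, user, submitted):
        """Return True once per issued code; expire and rate-limit guesses."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        tag, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[user]
            return False
        ok = hmac.compare_digest(tag, self._tag(submitted))
        if ok or attempts_left <= 1:
            del self._pending[user]        # single use, or guesses exhausted
        else:
            entry[2] = attempts_left - 1
        return ok
```

The single-use, expiry and guess-limit checks are what keep a stolen password plus a guessed or replayed code from completing the login.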

We believe that two-factor authentication is an effective way for health care organizations to protect their health information and prevent attacks because even if one layer of security (login and password) is compromised by an attacker, the second layer of security (OTP sent to mobile device) would stop the authentication process and prevent access to the information.   Organizations that are converting from paper based health care information systems to electronic health care information systems need to make sure that their electronic health records information remain safe and that there are safeguards in place to control access to this information.

DynaPass’® out-of-band authentication platform meets and exceeds the requirements of HIPAA by incorporating two-factor authentication while utilizing out of band authentication in a cost efficient way. We believe that DynaPass® out-of-band authentication is an effective layered security process that controls security access and is easy to use.  By using a mobile device as an authentication device, such as a mobile phone which the majority of the organization’s workforce already has, users can utilize two-factor authentication without needing to carry additional hardware tokens to authenticate themselves and organizations can save on costs to implement security devices.  Users do not need to download any additional applications on the mobile devices since DynaPass’® OTP platform uses the SMS system to send the one time password and is a “zero footprint solution.” We believe that DynaPass’® out-of-band authentication is the patented, cost effective two factor authentication solution that can ensure that organizations comply with HIPAA standards while also protecting sensitive health information.

See DynaPass Two-Factor Authentication