keylogger — what is it

There are hundreds, if not thousands, of types of malware spread online. Out of them all, keyloggers can legitimately be considered the worst. We are not being dramatic here. If you get infected with a keylogger virus, you basically show the hackers everything typed on the keyboard. Passwords, credit card credentials, messages, everything you search for: all of it is exposed and easily stolen.

Read on to learn:


sms authentication

It’s delightful to see that more and more websites, apps and services employ MFA and even make this type of log-in protection a mandatory feature. What concerns us a bit is that a huge portion of those websites still opt for SMS 2FA, despite the fact that SMS verification has too many limitations and has been proven to be a lot less secure than any other two-factor authentication method. In fact, NIST (the National Institute of Standards and Technology) issued a recommendation to replace SMS authentication with other types of MFA back in 2016. We do believe that SMS protection is way better than no protection at all. But is SMS secure? If it’s not, why do so many companies continue to use it? Is SMS two-factor authentication really as evil as they say it is? What can it be replaced with? …



Programmable OTP token Protectimus Flex comes in the form of a key fob with a battery life indicator, which makes it more comfortable to use, and more durable

You asked, and we delivered — the new programmable TOTP token Protectimus Flex in a key fob format is already here!

Unlike our other popular programmable hardware token Protectimus Slim NFC, the new Protectimus Flex TOTP token comes in the form of a key fob. This makes our latest two-factor authentication hardware token more comfortable to use, and more durable. The security token can easily be fastened to your keys; this way you won’t forget it or lose it. There is a bonus feature in the new gadget — it has a battery indicator. …



A comprehensive comparison of cloud vs on-premise multi-factor authentication solutions to help you choose the best MFA for your business

The basic idea behind any type of multi-factor authentication is communication between an MFA device and a server. An MFA server can be set up either on-premise (locally within your company’s infrastructure) or in a cloud. Both approaches have their pros and cons. In this post, we aim to give you a comprehensive comparison of cloud multi-factor authentication vs on-premise 2FA solutions to help you choose the best 2-factor authentication for your business.

How 2-Factor Authentication Works

Unlike single-factor authentication, which requires only a passcode, multi-factor authentication requires two or all three of the following factors:

  • Something you know, which is your user password;
  • Something you possess, which is your MFA security device or…


Elon Musk tweeted that Tesla app two-factor authentication is now on the way: why is it good, and what tokens are better to use for Tesla 2FA

Without a doubt, Tesla’s electric cars are the best vehicles on the market right now. They attract people with modern design, high efficiency, and the low cost of maintenance and operation. These vehicles are generally considered pretty theft-proof, thanks to always-on GPS which lets owners track their cars. But numerous smart features still make these cars extremely vulnerable to hacking. That’s how two-factor authentication has become one of the most awaited things among Tesla users.

The good news is that Tesla CEO Elon Musk has recently tweeted that 2FA is now on the way. …



In this post, you’ll learn how to pay less for multi-factor authentication, and what features make it more user-friendly and reliable

MFA, or multi-factor authentication, is by definition a technology that limits access to a user account unless the user presents two or more pieces of evidence that prove that they are who they claim to be. Moreover, the evidence must be of different natures: something they know, something they have or something they are. Overall, the process is regarded as helpful, as it is a solution to many security threats including phishing, brute force, keyloggers, some cases of social engineering and MITM attacks. …



We developed two products for Outlook OWA 2FA: the first product is Protectimus OWA, developed specifically for Office OWA integration; the second solution is Protectimus DSPA which adds 2FA directly to Active Directory

If you read this article, you probably know the answer to the “what is OWA” question. But just in case — OWA Outlook is a browser email client for accessing Microsoft Outlook without any on-premises installations, for Exchange 2013 and Exchange 2010 users. With the Microsoft Outlook update for Microsoft Exchange 2016, it was rebranded as “Outlook on the web”. OWA Outlook online provides access not only to email, but also to other personal information like calendar, contacts, and tasks, and is widely used by businesses all over the world. With such sensitive data involved, OWA two-factor authentication becomes imperative.

We developed two products for Outlook OWA 2FA. The first product is Protectimus OWA, developed specifically for Office OWA integration. The second solution is Protectimus DSPA which adds 2FA directly to the repository (Active Directory, Lightweight Directory Access Protocol, databases) and thus adds MFA to everything linked to the business AD, LDAP, etc. …



Providing our services, we often highlight that Protectimus is a coordinate partner of the OATH Initiative and that all our tokens and two-factor authentication software are OATH-certified. Not everybody is aware, however, of what the Initiative for Open Authentication (OATH) is and what its major goals are. That’s why we decided to clarify all the details concerning the OATH definition — its tasks, algorithms, and overall contribution to open authentication which is so important and useful today.

What is OATH?

In a nutshell, OATH — Initiative for Open Authentication — promotes the industry-wide implementation of strong authentication based on a single reference architecture that is developed jointly by the industry leaders using open standards. …



A closer look at TOTP algorithm implementation and the work of the TOTP mode.

The time-based one-time password algorithm (TOTP) is the focus of this post. But before we delve deeper into the TOTP meaning, we’d like to mention the organization that is instrumental in the one-time password algorithms’ existence — OATH, or Open AuTHentication. OATH is a collaboration of all sorts of specialists who made it their mission to create a truly secure and universal network for all to use. We at Protectimus are proud to be a part of this collaborative effort.

In this article, we will learn what OATH TOTP is. We will have a closer look at TOTP algorithm implementation and the work of the TOTP mode. Finally, we will provide a full list of Protectimus TOTP tokens designed for time-based token authentication to help you choose the one that suits you best. …



OCRA, or the OATH challenge-response algorithm, is the most reliable multi-factor authentication algorithm yet. The OCRA algorithm has proved to be the safest one created by OATH (the Open AuTHentication initiative), as it allows a challenge input to be used for one-time passcode generation alongside the secret key (seed) and a counter or time.

The key difference between the challenge-response authentication algorithm and the older OATH algorithms HOTP and TOTP is the capability to identify the server. The end user can be assured of the server’s authenticity, which significantly adds to the security.

An OCRA token is usually a keypad-style device or an app. As the OCRA meaning might suggest, the algorithm utilizes a certain challenge and a response to it. So a notional challenge-response example would look something like…

About

Protectimus

Two-factor authentication solutions for business. Secure your organization’s and users’ data with MFA: https://www.protectimus.com/
