Cisco introduces passwordless authentication by Duo - ETCIO.com
Cisco introduces passwordless authentication by Duo - ETCIO.com |
Cisco introduces passwordless authentication by Duo - ETCIO.com Posted: 31 Mar 2021 02:36 AM PDT New Delhi: Cisco Secure on Wednesday introduced passwordless authentication by security platform Duo, enabling users to skip the password and securely log into cloud applications via security keys or platform biometrics built into modern laptops and smartphones. The consequences of using passwords are well known. Passwords are easily compromised and difficult to manage, costing enterprises billions of dollars annually. Moreover, users are often inundated with passwords in their personal and professional lives. Password reset requests comprise a lion's share of IT help desk tickets, resulting in lost productivity for users and increased support costs for the business. Duo passwordless authentication is part of Cisco's zero trust platform, securing access for any user, from any device, to any IT application or environment.The product is designed to be infrastructure agnostic, paving the way to a passwordless future while ensuring that enterprises can seamlessly protect any combination of cloud and on-premises applications without requiring multiple authentication products or leaving critical security gaps, the company said at the Cisco Live 2021 event. "Cisco has strived to develop passwordless authentication that meets the needs of a diverse and evolving workforce and allows the broadest set of enterprises to securely progress towards a passwordless future, regardless of their IT stack," Gee Rittenhouse, Senior Vice President and General Manager of Cisco's Security Business Group, said in a statement. "It's not an overstatement to say that passwordless authentication will have the most meaningful global impact on how users access data by making the easiest path the most secure." Duo passwordless authentication will simplify and strengthen authentication for accessing cloud applications protected by Duo single sign-on (SSO) and third-party SSO and identity providers, by leveraging security keys and platform biometrics such as Apple FaceID and TouchID, and Windows Hello. Pairing passwordless authentication with Duo SSO enables organisations to consolidate hundreds of passwords and authentications into one easy login for users to cloud applications.The authentication will also provide one security tool for all authentication scenarios thanks to Duo's compatibility with hundreds of applications and identity providers, with no infrastructure change required. It will reduce risk of password-related threats and vulnerabilities such as phishing, stolen or weak passwords, password reuse, brute-force, man-in-the-middle attacks and password database compromise, Cisco said. Duo passwordless authentication will be available for public preview beginning summer 2021 and general availability expected by the year's end. |
Google is rolling out end-to-end encryption for RCS in Android Messages beta - The Verge Posted: 19 Nov 2020 12:00 AM PST After two long, complicated years, every Android user worldwide (outside China and Russia) now has access to the next-gen texting standard that is replacing SMS. Google is directly offering RCS chat services through its Android Messages app to anybody who installs it and uses it as their default texting app, which partly bypasses a carrier rollout that, at times, has ranged from sluggish to incoherent to broken. Just as importantly, Google has announced that it's finally beginning to enable a key privacy feature: end-to-end encryption. For Android users who use Android Messages, one-on-one chats will eventually be end-to-end encrypted by default, meaning neither carriers nor Google will be able to read the content of those messages. Even though encryption is only beginning to roll out to people who sign up for the public beta for Android Messages, turning on encryption for RCS is a very big deal. It's a massive privacy win, as it could mean that the de facto replacement for SMS will, by default, be private on the smartphone platform used by the vast majority of people worldwide. As for the people who use that other smartphone platform — the iPhone — we have no word on whether Apple intends to adopt the RCS standard. But as every carrier worldwide gets on board, and now that there is a clearer path to ensuring private communication with RCS, the pressure on Apple to participate is likely to build. Unfortunately, SMS becoming fully deprecated and replaced by RCS will only happen if all goes to plan for Google. Since initially announcing plans to transition to RCS as the primary texting platform for Android, the standard's rollout has been mired in confusion. In attempting to be neutral and make Android's texting a standard shared by carriers worldwide, Google set itself up with the job of herding multibillion-dollar cats — with sadly predictable results. However, last year, Google began to take matters into its own hands, slowly letting users in different countries get RCS services directly from Google rather than wait for their carrier to turn it on. (Even when carriers did turn it on, it has often not been interoperable.) Today, the company has announced that process is complete and RCS is available through Android Messages everywhere Google offers its services (i.e., not China). In certain regions and with certain carriers, Google will continue to allow those carriers to run your RCS services if they so choose. Worldwide availability is an important milestone, but to me, the fact that Google is building on top of RCS to eventually make Android Messages end-to-end encrypted by default is the much bigger news. So let's get into how exactly it will work because there are some things to be aware of. First, as mentioned, it will be rolling out in beta this month, and Google has no timeline for when encrypted chats will graduate into the main app. And as for people willing to sign up for the public beta of Android Messages, be aware that, as usual, Google will be rolling out the feature gradually, so you might not get it right away. End-to-end encryption will only work on one-on-one chats when both users are using Android Messages and have received the update. Enabling end-to-end encryption on group chats is a much trickier problem, so Google won't commit to a timeline for extending the feature. Android Messages on the web is simply a portal to the messaging app on your phone, so just like Signal and WhatsApp, texts you send in that interface will also be encrypted. Speaking of Signal, Google has selected the Signal Protocol for its encryption implementation — just like WhatsApp. (The Signal Protocol is simply the code used to secure the messages; it does not mean those apps can interoperate.) If you are texting with somebody who isn't using Android Messages (say, somebody using Samsung Messages or an iPhone), the fallback to either less-encrypted RCS chat or SMS will still work just fine. And since Android Messages' more advanced features are all built into the app instead of living in the cloud, turning on encryption shouldn't break any other app experiences. The saga of getting carriers and various other business interests aligned on an RCS standard is ongoing. That standard is called the Universal Profile, and it is still evolving as I write this. One thing that isn't part of the Universal Profile is the encryption standard Google is adopting. It's building it on top of RCS right into the Android Messages client. That doesn't mean Google intends for its encryption solution to be proprietary. The company tells me it would be happy to work with any company to work on compatibility. Google has published a brief technical paper available that provides a high-level overview of Google's method for encryption in Android Messages. In other words, it may well be that Google's encryption implementation could someday become part of the Universal Profile standard. As with Apple, there could be some pressure put on the GSMA (the carrier consortium) to move toward more encryption. Facebook still intends to make all of its messaging apps encrypted by default, so it is increasingly becoming a norm for texting. (Disclosure: my wife works for Facebook Reality Labs, the AR / VR division of the company. Read my full ethics statement here.) As with all things RCS, it's better to think of today's announcements as part of an evolving process rather than a launch. Many things in tech have big, splashy moments where products become immediately available and start having an impact right away. RCS is not one of those things. Update, 10:25 am ET, Nov 19: Google has released the technical paper on how it has implemented encryption already, instead of later this month as expected. We have also added a link to the availability map, which shows that both China and Russia are excluded. The article has been updated to reflect that. |
You are subscribed to email updates from "application encryption,android app data encryption,encrypted message meaning" - Google News. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
Comments
Post a Comment