Security Issues Highlighted on Gateway Services

SecurEnvoy : 11 May, 2012  (Technical Article)
SecurEnvoy links the closure of API-based access to the Google platform to security issues that are solvable with 2FA

SecurEnvoy says that news reports of Plaxo shutting down its API-based 'gateway' access into the Google platform - owing to concerns about possible misuse - highlight the security issues that these gateway services pose.

According to Steve Watts, co-founder of the tokenless two-factor authentication (2FA) specialist, the problem with these types of cloud-based gateways between popular services is that the recipient network cannot easily trace the IP address - and geographic location - of the user logging in via the gateway facility.

“This has been Google's problem – all it sees is a user 'gatewaying' through Plaxo's systems, and is therefore less able to detect any potentially fraudulent activities. The problem is made worse with cybercriminals latching on to the fact that they too can gateway through these portals and escape detection using IP-tracing security measures,” he said.

“Users of Facebook and Google often encounter extra security questions when accessing their account from – say – a different country when on holiday or away on business. This is a standard security measure that works quite well in helping to weed out potentially fraudulent logins,” he added.

But if a fraudulent user in, say, Russia, accesses a US user's Google account via a Plaxo gateway, Google cannot usually tell they are coming in from a given country – often, all they see is the Plaxo server details, he went on to say.

And this, he says, is the root cause of Google's problems, and why Plaxo has had to suspend what was otherwise a useful service for its members.

The problem with all these gateway and screen scraping access services, he adds, is that whilst they have been incredibly useful for users to aggregate their account data on a single Web page dashboard, in the modern Wild West that the Internet has become, cybercriminals are becoming ever more innovative.

And this, he explains, is where tokenless 2FA could enter the frame as the saviour of the Plaxo/Google API service and other similar gateway services, as it allows real users to authenticate themselves to far higher levels of security - yet without the inconvenience of toting around a portfolio of hardware authentication tokens – or simply 'risking it' when accessing services from unusual locations.

The slightly bad news, says Watts, is that online operators outside the financial services sphere have yet to grasp the enormous additional levels of security, flexibility and convenience that tokenless 2FA technology brings to the better service table.

“The good news here is that a growing number of banks are waking up to the powerful resource that tokenless 2FA – which uses a simple mobile phone that almost everyone has in their pocket, briefcase or handbag to authenticate themselves – offers them and their customers,” he said.

“Even better is the fact that companies can now use tokenless 2FA as an add-on to their existing security login processes, by simply installing tokenless 2FA software onto their systems. That way they can enjoy high levels of security and convenience on an in-house and desktop basis,” he added.

“Until online services wake and smell the security coffee – and employ tokenless 2FA technology on their systems – we are going to see similar convenient services like the Plaxo/Google gateway shutting down.”
   © 2012 ProSecurityZone.com