09 Apr 2015

Slack Security

Your inbox may not be bloated, but your security is confirmed as

09 Apr 2015

Your inbox may not be bloated, but your security is confirmed as compromised.

All to often we hear about personal pictures being hacked into and shared from cloud solutions, online (banking, communication, storage) systems being compromised, Slack is the latest company to fall victim to a security failure.

Receiving a message from companies like the below makes us sceptical about using new communication solutions.

We are writing to inform you that we were recently able to confirm that there was unauthorized access to a Slack database containing user profile information. We have since blocked this unauthorized access and made additional changes to our technical infrastructure to prevent future incidents.

What’s the answer to our security concerns? PINsentry, One-time password (OTP), Multi-factor authentication (MFA) and Two Factor Authentication (2FA/TFA) seem to be the standard way to ensure extra security. Of course these additional security measures only work if we actually set-up and use 2FA up on our devices and remember to always carry our PINsentry device.

Google have gone one step further by adding FIDO Universal 2nd Factor (U2F) devices to Google Chrome.

Rather than sending a verification code to a phone, or using a time-based one-time password, users insert a U2F USB device into their computer and tap on the device when prompted by Chrome.

What’s the difference between the protection provided by Security Key and a verification code?
With 2-Step Verification, Google requires something you know (your password) and something you have (like your phone) to sign in. Google sends a verification code to your phone when you try to sign in to confirm it’s you. However, sophisticated attackers could sometimes set up lookalike sites that ask you to provide your verification codes to them, instead of Google. Security Key offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.

Secure systems, data and information sharing is not only of personal concern but can result a company losing customers or gaining a market share. Needless to say digital security is big business.

novastone has developed WealthChat with a unique combination of digital security measures and business procedures to ensure communications are only seen by those they were intended for. WealthChat is a robust business to consumer (B2C) client engagement solution for the delivery of a secure, mobile-centric, real-time communication channel. Central to the technology is a strong, multi-factor provisioning model with all communication encrypted to meet the rigorous demands of the financial services industry.

Feel free to contact us to arrange a demonstration.

Further info about:
Google Security Key
The system Google have adopted: The FIDO (Fast IDentity Online) Alliance

Leave a comment
More Posts

Comments are closed.