Microsoft offers completely passwordless authentication for online apps

Phone-based authentication is the way forward instead.

Article intro image

Applications using Azure Active Directory (AD) to authenticate—a category that includes Office 365, among other things—will soon be able to stop using passwords entirely.

Azure AD accounts can already use the Microsoft Authenticator app for two factor authentication, combining a password with a one-time code. With the new passwordless support, authentication is handled entirely by the app; the app itself represents "something you have," and this is combined with either biometric authentication or a PIN. Passwords have a long, problematic history; while they can be very strong, if suitably long and suitably random, human passwords are often short, non-random, and reused across multiple sites. App-based authentication avoids this long-standing weakness.

Enabling two-factor authentication is just one of the things that organizations can do to improve their security. To that end, Microsoft has extended "Microsoft Security Score," a tool used to assess organizational policy and provide guidance on measures that can be taken to harden an organization against attack. Secure Score already spans Office 365 and Windows security features; to these, Microsoft has added Azure AD, Azure Security Center, and Enterprise Mobility Suite, covering a wider range of settings and options.

Read 2 remaining paragraphs | Comments

Cisco Releases Security Update

Original release date: September 21, 2018

Cisco has released a security update to address a vulnerability in Cisco Video Surveillance Manager. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encour…

Original release date: September 21, 2018

Cisco has released a security update to address a vulnerability in Cisco Video Surveillance Manager. A remote attacker could exploit this vulnerability to take control of an affected system. 

NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. 


This product is provided subject to this Notification and this Privacy & Use policy.


ISC Releases Security Advisory for BIND

Original release date: September 19, 2018

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). Under certain conditions, a …

Original release date: September 19, 2018

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). Under certain conditions, a remote attacker could exploit this vulnerability to modify records on an affected server.

NCCIC encourages users and administrators to review the ISC advisory and apply the necessary mitigations.


This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Original release date: September 19, 2018

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.NCCIC encour…

Original release date: September 19, 2018

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletin APSB-18-34 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.