Yes. The name is snarky on purpose. With the drive to using phishing-resistant MFA something on the mind of many organizations, I’ve been taking a look at the Usage & […] The post Entra Useless Insights Report appeared first on Eric on Identity.| Eric on Identity
The Central Bank of the UAE has drawn a line in the sand. By March 2026, the era of the SMS and One-Time Passwords will be over for the nation's financial institutions. This is not a minor policy tweak. It's a seismic shift. For years, the SMS/OTP has been the default security blanket for digital banking. A familiar, but flawed, solution. But the CBUAE's directive acknowledges a harsh reality: in the face of sophisticated phishing, SIM-swapping, and social engineering attacks, this legacy met...| HYPR Blog
Explore NIST's new digital identity guidelines on Identity Proofing, Digital Authentication, and Federated Identity Management for improved IAM practices.| blog.hypr.com
The New York State Department of Financial Services (NYDFS) has long been a leader in setting cybersecurity standards for the financial services and insurance sectors. Under 23 NYCRR Part 500, regulated entities are required to implement a comprehensive cybersecurity program that addresses governance, access controls, incident response, and ongoing risk management.| HYPR Blog
Choosing the right identity verification (IDV) partner is one of the most critical security decisions you'll make. As organizations fortify their defenses, it’s clear that verifying the identity of your workforce requires a fundamentally different approach than verifying customers. The stakes are simply higher. For customer verification, the primary goal is often a smooth, low-friction sign-up process. For your workforce, the goal is ironclad security to prevent a breach. The reality is tha...| HYPR Blog
Helpdesks are critical support hubs, but their central role makes them prime targets for sophisticated social engineering attacks. These attacks exploit human psychology, tricking helpdesk personnel into divulging sensitive information or compromising security, often by targeting credential resets. When attackers convince an agent to reset a legitimate user's password, they bypass security, gaining unauthorized access to sensitive systems and data. The devastating impact was demonstrated by t...| HYPR Blog
Candidate fraud is on the rise, costing companies time, money, and trust. Learn how identity verification helps HR teams detect fake applicants, stop deepfakes, and secure the hiring process.| blog.hypr.com
Teen hackers behind a £440M cyberattack expose the flaws in legacy identity systems. Learn how HYPR stops Scattered Spider with deterministic security.| blog.hypr.com
An inside look at Yubico’s transition to passwordless, including migration to a solution combining YubiKeys with Okta Identity Engine (OIE)| Yubico
Let’s get one thing clear: Scattered Spider isn’t “back” – they never left. You’ve seen the headlines. MGM, Marks & Spencer, and others all fell victim to their schemes. Now, this relentless cybercrime collective has a new target in its crosshairs: the U.S. insurance industry. With recent cyberattacks rattling major providers like Aflac, Erie Insurance, and Philadelphia Insurance Companies, the threat isn't just looming; it's here. As it always has been. As Google Threat Intellige...| HYPR Blog
As the transition period for PCI DSS 4.0 draws to a close on March 31, 2025, PCI DSS 4.0.1 stands as the current version of the standard. More importantly, the March 31, 2025 deadline for full compliance with all new and customized PCI DSS 4.0 requirements is live. What's New in PCI DSS 4.0.1? PCI DSS 4.0.1 represents a limited but important revision to version 4.0. While it doesn't introduce new requirements, it provides crucial clarifications that impact how organizations implement securi...| HYPR Blog
Read HYPR's HR 2025 field guide to prevent interview and onboarding fraud. Get 10 actionable items you can implement today to protect your workforce.| blog.hypr.com
HYPR and HID have partnered to deliver one converged access solution with hardware- and software-based passkeys in a single platform. Whether your workforce needs smart cards for regulated environments, mobile-device credentials for remote workers, or both, this solution flexes to your policies and compliance requirements.| blog.hypr.com
Why Phishing-Resistant MFA Isn’t Optional Anymore The escalating sophistication of phishing and social engineering attacks has pushed organizations towards stronger authentication methods. Phishing-resistant multi-factor authentication (MFA), particularly solutions leveraging FIDO2/WebAuthn standards, is a big leap forward in security posture. Many organizations utilize hardware-based FIDO2 authenticators like YubiKeys by Yubico, widely recognized as a gold standard for physical tokens, pre...| HYPR Blog
How Weak Identity Security Posture Affects Organizations The report paints a clear picture: fraudsters are refining their strategies, targeting high-value credentials and exploiting vulnerabilities across all channels. Several statistics stand out, demanding immediate attention from security and risk leaders.| HYPR Blog
One of the most pressing challenges isn’t just how these bad actors get in, but who is responsible for stopping them. We unpack four key insights from ongoing conversations with enterprise leaders.| blog.hypr.com
This video brings attention to the importance of implementing 2FA, 3FA, MFA and upgrading your security awareness efforts.| Help Net Security
You've been at HYPR for six years. Why is now the right time for this expanded role and for HYPR's next chapter? Doug: Timing is everything. It's the one thing you can't manufacture in this industry. You’re either too early, too late, or you catch the market exactly when it's ready. Right now, the timing for HYPR Affirm couldn't be better.| HYPR Blog
This integration between HYPR and Microsoft provides unparalleled visibility, detects modern threats, and enforces real-time security policies at the moment of access.| blog.hypr.com
As CEO of HYPR, I spend a lot of time thinking about the future of identity security. And right now, one of the most significant shifts we're witnessing is driven by the rapid advancement of Artificial Intelligence. While AI offers incredible potential, it also presents formidable challenges, particularly in the realm of identity verification. The uncomfortable truth is that the era of relying solely on scanning a driver's license or passport to prove someone is who they claim to be is rapidl...| HYPR Blog
Why the Troy Hunt Phishing Attack is a Wake-Up Call for MFA Inadequacy| blog.hypr.com
Unlock Seamless Security: Combining Physical and Digital Access with HYPR and IDEMIA Your organization spans a physical and a virtual environment, but how well aligned are your strategies for securing both? With the rise of hybrid work models, the challenge of securing sensitive information against increasingly sophisticated online and in-person threats has become more critical than ever. In a groundbreaking move to address these challenges, HYPR and IDEMIA have joined forces. This powerful p...| HYPR Blog
The 2025 State of Passwordless Identity Assurance Report revolves around the Identity Renaissance: the exploration of business success when it’s unburdened by security vulnerabilities and inefficiencies.| blog.hypr.com
Don’t we all know the hassle of managing loads of passwords, trying to come up with secure and unique ones only to try afterwards to remember them? Or always staying on high alert whether the URL is definitely the valid one for the website we are trying to visit?| blog.compass-security.com
Attending Gartner 2024, as with other years, was insightful and inspiring. The event brings together practitioners, leaders, and innovators into one common place to discuss the evolution of our field as well as the challenges facing us today, and what lies ahead. Here are some of my main top takeaways:| IDMig - Identity in Focus
SMS-based, two-factor authentication (2FA) has long been a staple security measure for many online services, including Gmail. However, as the tech industry shifts towards more secure authentication methods, it has become evident that SMS codes are no longer the ideal solution. In a recent reveal, a Gmail spokesperson has confirmed that Google is planning to phase out SMS codes for authentication, marking a significant change for billions of users worldwide.| HYPR Blog
Wouldn't it be great if you could take those policies for a test drive before unleashing them on your users? Now you can.| blog.hypr.com
Organizations agree that passwordless authentication is the future, but getting there represents a significant change management challenge.| Help Net Security
Attackers continually refine their methods to compromise user identities and gain unauthorized access to sensitive systems. One particularly insidious threat is Evilginx, a phishing framework designed to bypass traditional multi-factor authentication (MFA) by operating as an adversary-in-the-middle (AitM) — sometimes known as man-in-the-middle (MitM) — proxy. Evilginx intercepts and manipulates communication between users and legitimate sites, enabling attackers to steal credentials, sess...| HYPR Blog
A few weeks ago, Microsoft issued its first Secure Future Initiative Progress Report. Launched in November 2023, the Secure Future Initiative (SFI) is Microsoft’s acknowledgement that it needs to drastically improve its cloud security posture and make cybersecurity its top priority. The company has dedicated a substantial chunk of its engineering workforce to the effort “to address the increasing scale, speed, and sophistication of cyberattacks.” In line with this mandate, a key area of...| HYPR Blog
By now, most of us realize that passkeys and passwordless authentication beat passwords in nearly every way — they’re more secure, resist phishing and theft, and eliminate the need to remember and type in an ever-growing string of characters. Despite this, most organizations still rely on password-based authentication methods.| HYPR Blog
Yesterday at the Black Hat conference, Microsoft announced the public preview of Entra FIDO2 provisioning APIs. HYPR worked closely with Microsoft on these critical enhancements, which make it easier for Entra customers to provision passkeys for their users. Like the EAM integration unveiled a few months ago, collaborative development of such features is essential to fuel adoption of secure, phishing-resistant authentication methods. We are honored that Microsoft named HYPR as a fully-tested ...| HYPR Blog
Identity verification has traditionally played an important but limited role in the world of identity and access management (IAM). To establish someone’s identity, you need to prove that they are who they say they are, linking their digital identity to their real-world identity. For employees, this verification typically occurs during onboarding; for customers, it happens when they open a new account. Once validated, they receive credentials, are granted appropriate authorizations, and en...| HYPR Blog
Virtual private networks (VPNs) form a staple of the modern work environment. VPNs provide an essential layer of protection for employees working remotely or across multiple office locations, encrypting data traffic to stop hackers from intercepting and stealing information. Usage of VPNs skyrocketed in the wake of the COVID-19 pandemic and remains high — 77% of employees use VPN for their work nearly every day, according to the 2023 VPN Risk Report by Zscaler.| HYPR Blog
The National Security Agency (NSA), in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA), recently released its “Top Ten Cloud Security Mitigation Strategies” for organizations to make their cloud environments more secure. The report contains a Cybersecurity Information Sheet (CSI) for each strategy, which includes MITRE ATT&CK and D3FEND mappings and cloud-specific mitigation guidance.| HYPR Blog
When it comes to cyberattacks, March has come in like a lion for Microsoft. Last week, Microsoft said in an SEC filing that information stolen in a hack of senior leaders’ email accounts is now being used to “gain or attempt to gain access” to company source code repositories and other internal systems. The fallout remains unknown. Just a few days earlier, threat researchers at Proofpoint reported a phishing campaign by the well-known threat group TA577 that targets Windows NT LAN ...| HYPR Blog
One of the biggest security weak points for organizations involves their authentication processes. According to Google Cloud’s 2023 Threat Horizons Report, 86% of breaches involve stolen credentials. Our own research found that 60% of organizations reported authentication-related breaches in the past year. Context-based authentication offers an important tool in the battle against credential stuffing, man-in-the-middle attacks, MFA prompt bombing, and other attacks on authentication systems.| HYPR Blog
Identity and access management (IAM) is a crucial security component and a business enabler for the modern enterprise — but it’s clear that current systems are falling short on both fronts. Enterprises remain rife with legacy systems, technology silos, and manual and disconnected processes that were never intended to cope with today’s complex identity environment. New threat vectors, often aided by generative AI, exploit the gaps in this patchwork of systems, with increasingly alarming ...| HYPR Blog
Highlights from our 2024 State of Passwordless Identity Assurance report, which investigates top identity threats, risks and strategies to combat them.| blog.hypr.com
HYPR has partnered closely with Microsoft on the new Entra ID external authentication methods and is excited to be a preferred public preview integration.| blog.hypr.com
Learn how hackers leverage AI to bypass traditional identity security and how these attacks can be defeated using deterministic identity assurance controls| blog.hypr.com
An analysis of the MGM attack, helpdesk fraud as an attack vector, and how organizations can protect themselves.| blog.hypr.com
What is the difference between identity verification vs. authentication? Understand what these terms mean and how they work.| blog.hypr.com
Adaptive authentication can improve both security and user experience, but what is it and how does it work? We take a closer look.| blog.hypr.com
PCI DSS 4.0 introduces multiple new directives around passwords and multi-factor authentication (MFA). Here's what you need to know.| blog.hypr.com
This article unpacks the key findings and lessons from the recent Cyber Safety Review Board report on the Lapsus$ threat group.| blog.hypr.com
In this article, we will explore how we can implement FIDO2 passwordless authentication using Keycloak.| RefactorFirst
In this article we will look into understanding how FIDO2 passwordless authentication works| RefactorFirst
Discover best practices for identity proofing in the workplace, including key components and top scenarios. Learn how HYPR approaches identity verification.| blog.hypr.com
Once you have enrolled your FIDO2 security key in Azure AD (which can be done here), you can easily sign-in to web pages that use Azure AD as Identity Provider without needing to enter your passwor…| Microsoft Security Solutions
Learn how identity assurance functions in today's modern enterprise, why it's needed and best practices.| blog.hypr.com
HYPR recently unveiled HYPR Adapt, a comprehensive risk-based authentication solution that protects against dynamic cyberthreats and reduces user friction.| blog.hypr.com
The PSD2 SCA requirements apply to a wide range of financial institutions and service providers. Here’s what you need to know.| blog.hypr.com