Get the latest insights on passwordless authentication and identity security in HYPR's blog. Discover recent attacks, and learn more about best practices.| blog.hypr.com
The Central Bank of the UAE has drawn a line in the sand. By March 2026, the era of the SMS and One-Time Passwords will be over for the nation's financial institutions. This is not a minor policy tweak. It's a seismic shift. For years, the SMS/OTP has been the default security blanket for digital banking. A familiar, but flawed, solution. But the CBUAE's directive acknowledges a harsh reality: in the face of sophisticated phishing, SIM-swapping, and social engineering attacks, this legacy met...| HYPR Blog
Explore NIST's new digital identity guidelines on Identity Proofing, Digital Authentication, and Federated Identity Management for improved IAM practices.| blog.hypr.com
The New York State Department of Financial Services (NYDFS) has long been a leader in setting cybersecurity standards for the financial services and insurance sectors. Under 23 NYCRR Part 500, regulated entities are required to implement a comprehensive cybersecurity program that addresses governance, access controls, incident response, and ongoing risk management.| HYPR Blog
Choosing the right identity verification (IDV) partner is one of the most critical security decisions you'll make. As organizations fortify their defenses, it’s clear that verifying the identity of your workforce requires a fundamentally different approach than verifying customers. The stakes are simply higher. For customer verification, the primary goal is often a smooth, low-friction sign-up process. For your workforce, the goal is ironclad security to prevent a breach. The reality is tha...| HYPR Blog
Helpdesks are critical support hubs, but their central role makes them prime targets for sophisticated social engineering attacks. These attacks exploit human psychology, tricking helpdesk personnel into divulging sensitive information or compromising security, often by targeting credential resets. When attackers convince an agent to reset a legitimate user's password, they bypass security, gaining unauthorized access to sensitive systems and data. The devastating impact was demonstrated by t...| HYPR Blog
Candidate fraud is on the rise, costing companies time, money, and trust. Learn how identity verification helps HR teams detect fake applicants, stop deepfakes, and secure the hiring process.| blog.hypr.com
Teen hackers behind a £440M cyberattack expose the flaws in legacy identity systems. Learn how HYPR stops Scattered Spider with deterministic security.| blog.hypr.com
Let’s get one thing clear: Scattered Spider isn’t “back” – they never left. You’ve seen the headlines. MGM, Marks & Spencer, and others all fell victim to their schemes. Now, this relentless cybercrime collective has a new target in its crosshairs: the U.S. insurance industry. With recent cyberattacks rattling major providers like Aflac, Erie Insurance, and Philadelphia Insurance Companies, the threat isn't just looming; it's here. As it always has been. As Google Threat Intellige...| HYPR Blog
As the transition period for PCI DSS 4.0 draws to a close on March 31, 2025, PCI DSS 4.0.1 stands as the current version of the standard. More importantly, the March 31, 2025 deadline for full compliance with all new and customized PCI DSS 4.0 requirements is live. What's New in PCI DSS 4.0.1? PCI DSS 4.0.1 represents a limited but important revision to version 4.0. While it doesn't introduce new requirements, it provides crucial clarifications that impact how organizations implement securi...| HYPR Blog
Read HYPR's HR 2025 field guide to prevent interview and onboarding fraud. Get 10 actionable items you can implement today to protect your workforce.| blog.hypr.com
HYPR and HID have partnered to deliver one converged access solution with hardware- and software-based passkeys in a single platform. Whether your workforce needs smart cards for regulated environments, mobile-device credentials for remote workers, or both, this solution flexes to your policies and compliance requirements.| blog.hypr.com
Why Phishing-Resistant MFA Isn’t Optional Anymore The escalating sophistication of phishing and social engineering attacks has pushed organizations towards stronger authentication methods. Phishing-resistant multi-factor authentication (MFA), particularly solutions leveraging FIDO2/WebAuthn standards, is a big leap forward in security posture. Many organizations utilize hardware-based FIDO2 authenticators like YubiKeys by Yubico, widely recognized as a gold standard for physical tokens, pre...| HYPR Blog
How Weak Identity Security Posture Affects Organizations The report paints a clear picture: fraudsters are refining their strategies, targeting high-value credentials and exploiting vulnerabilities across all channels. Several statistics stand out, demanding immediate attention from security and risk leaders.| HYPR Blog
One of the most pressing challenges isn’t just how these bad actors get in, but who is responsible for stopping them. We unpack four key insights from ongoing conversations with enterprise leaders.| blog.hypr.com
What is NIST-800-63B? Learn guidance details and how organizations can align with authenticator assurance level requirements.| blog.hypr.com
You've been at HYPR for six years. Why is now the right time for this expanded role and for HYPR's next chapter? Doug: Timing is everything. It's the one thing you can't manufacture in this industry. You’re either too early, too late, or you catch the market exactly when it's ready. Right now, the timing for HYPR Affirm couldn't be better.| HYPR Blog
This integration between HYPR and Microsoft provides unparalleled visibility, detects modern threats, and enforces real-time security policies at the moment of access.| blog.hypr.com
As CEO of HYPR, I spend a lot of time thinking about the future of identity security. And right now, one of the most significant shifts we're witnessing is driven by the rapid advancement of Artificial Intelligence. While AI offers incredible potential, it also presents formidable challenges, particularly in the realm of identity verification. The uncomfortable truth is that the era of relying solely on scanning a driver's license or passport to prove someone is who they claim to be is rapidl...| HYPR Blog
Why the Troy Hunt Phishing Attack is a Wake-Up Call for MFA Inadequacy| blog.hypr.com
Unlock Seamless Security: Combining Physical and Digital Access with HYPR and IDEMIA Your organization spans a physical and a virtual environment, but how well aligned are your strategies for securing both? With the rise of hybrid work models, the challenge of securing sensitive information against increasingly sophisticated online and in-person threats has become more critical than ever. In a groundbreaking move to address these challenges, HYPR and IDEMIA have joined forces. This powerful p...| HYPR Blog
The 2025 State of Passwordless Identity Assurance Report revolves around the Identity Renaissance: the exploration of business success when it’s unburdened by security vulnerabilities and inefficiencies.| blog.hypr.com
Identity proofing is key to a secure digital environment. Discover how it works, which sectors need it most, and learn about real-world applications.| blog.hypr.com
SMS-based, two-factor authentication (2FA) has long been a staple security measure for many online services, including Gmail. However, as the tech industry shifts towards more secure authentication methods, it has become evident that SMS codes are no longer the ideal solution. In a recent reveal, a Gmail spokesperson has confirmed that Google is planning to phase out SMS codes for authentication, marking a significant change for billions of users worldwide.| HYPR Blog
Wouldn't it be great if you could take those policies for a test drive before unleashing them on your users? Now you can.| blog.hypr.com
We look at the emerging technology, changing attack patterns, and new regulations that will impact enterprise identity verification in 2025.| blog.hypr.com
Discover the key differences between 2FA vs. MFA. It's crucial to learn how these authentication methods work when deciding which is best for your company.| blog.hypr.com
Brute-force attacks target the weakest part of security systems: passwords. Here are the different types of brute-force attacks & how they can be prevented.| blog.hypr.com
Discover the benefits of FIDO authentication, how it works, and why FIDO standards are named the gold standard for secure passwordless authentication.| blog.hypr.com
Most cyber insurers now require multi-factor authentication to get coverage. Learn what, why, and how to comply with the cyber insurance MFA requirements.| blog.hypr.com
The Executive Order on Cybersecurity mandates that agencies deploy MFA by November to enable a Zero Trust architecture. Here’s what you need to know.| blog.hypr.com
Attackers continually refine their methods to compromise user identities and gain unauthorized access to sensitive systems. One particularly insidious threat is Evilginx, a phishing framework designed to bypass traditional multi-factor authentication (MFA) by operating as an adversary-in-the-middle (AitM) — sometimes known as man-in-the-middle (MitM) — proxy. Evilginx intercepts and manipulates communication between users and legitimate sites, enabling attackers to steal credentials, sess...| HYPR Blog
Today Yubico announced the general availability of its YubiKey Bio - Multi-protocol Edition, which supports biometric authentication for FIDO and Smart Card/PIV protocols. Like other YubiKey Bio Series, the new multi-protocol keys incorporate a fingerprint sensor, enabling secure, convenient biometric and PIN-based passwordless login across devices and platforms. The multi-protocol keys, however, offer additional flexibility for enterprises, especially when combined with the HYPR platform.| HYPR Blog
Since 2022, the FBI and other agencies have been sounding the alarm about North Koreans posing as US or other non-North Korean based IT workers and infiltrating companies. In July, security firm KnowBe4 publicly revealed that they unknowingly hired a fake IT worker from North Korea. Fortunately they detected and blocked access as he attempted to load malware onto his system-connected laptop. Since then, similar stories have flooded in. Last week, reports surfaced that a fake North Korean IT w...| HYPR Blog
A few weeks ago, Microsoft issued its first Secure Future Initiative Progress Report. Launched in November 2023, the Secure Future Initiative (SFI) is Microsoft’s acknowledgement that it needs to drastically improve its cloud security posture and make cybersecurity its top priority. The company has dedicated a substantial chunk of its engineering workforce to the effort “to address the increasing scale, speed, and sophistication of cyberattacks.” In line with this mandate, a key area of...| HYPR Blog
Financial services are one of the most targeted industries in the world for cyberattacks, suffering nearly 20% of all attacks in 2023. This is understandable considering the high-value outcomes of successful attacks and the fact that, despite supposed security improvements, attacks are still relatively successful, with 84% of finance organizations hit by a cyberattack going on to experience at least one breach.| HYPR Blog
By now, most of us realize that passkeys and passwordless authentication beat passwords in nearly every way — they’re more secure, resist phishing and theft, and eliminate the need to remember and type in an ever-growing string of characters. Despite this, most organizations still rely on password-based authentication methods.| HYPR Blog
Yesterday at the Black Hat conference, Microsoft announced the public preview of Entra FIDO2 provisioning APIs. HYPR worked closely with Microsoft on these critical enhancements, which make it easier for Entra customers to provision passkeys for their users. Like the EAM integration unveiled a few months ago, collaborative development of such features is essential to fuel adoption of secure, phishing-resistant authentication methods. We are honored that Microsoft named HYPR as a fully-tested ...| HYPR Blog
Identity verification has traditionally played an important but limited role in the world of identity and access management (IAM). To establish someone’s identity, you need to prove that they are who they say they are, linking their digital identity to their real-world identity. For employees, this verification typically occurs during onboarding; for customers, it happens when they open a new account. Once validated, they receive credentials, are granted appropriate authorizations, and en...| HYPR Blog
As enterprises shift from on-premises to cloud systems, hybrid cloud solutions have become essential for optimizing performance, scalability, and user ease. However, risks arise when poorly configured environments connect to the cloud. A compromised Microsoft Active Directory can fully compromise a synchronized Microsoft Entra ID tenant, undermining the integrity and trust of connected services.| HYPR Blog
Bug bounty programs are sometimes viewed with a negative connotation for a variety of reasons. This post aims to overcome implementation obstacles by debunking those misconceptions, and providing recommendations for organizations as they embark on the bug bounty journey.| HYPR Blog
Virtual private networks (VPNs) form a staple of the modern work environment. VPNs provide an essential layer of protection for employees working remotely or across multiple office locations, encrypting data traffic to stop hackers from intercepting and stealing information. Usage of VPNs skyrocketed in the wake of the COVID-19 pandemic and remains high — 77% of employees use VPN for their work nearly every day, according to the 2023 VPN Risk Report by Zscaler.| HYPR Blog
Many strictly regulated industries such as banking and finance rely heavily on identity and access management solutions to secure their systems and infrastructure. Unfortunately, as demonstrated by the Okta security breach last year, these organizations are attractive targets for hackers due to the nature and quantity of the information they handle. While hackers use sophisticated ransomware once access is gained, they obtain that access through surprisingly low-tech means: for example, by ca...| HYPR Blog
The National Security Agency (NSA), in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA), recently released its “Top Ten Cloud Security Mitigation Strategies” for organizations to make their cloud environments more secure. The report contains a Cybersecurity Information Sheet (CSI) for each strategy, which includes MITRE ATT&CK and D3FEND mappings and cloud-specific mitigation guidance.| HYPR Blog
When it comes to cyberattacks, March has come in like a lion for Microsoft. Last week, Microsoft said in an SEC filing that information stolen in a hack of senior leaders’ email accounts is now being used to “gain or attempt to gain access” to company source code repositories and other internal systems. The fallout remains unknown. Just a few days earlier, threat researchers at Proofpoint reported a phishing campaign by the well-known threat group TA577 that targets Windows NT LAN ...| HYPR Blog
One of the biggest security weak points for organizations involves their authentication processes. According to Google Cloud’s 2023 Threat Horizons Report, 86% of breaches involve stolen credentials. Our own research found that 60% of organizations reported authentication-related breaches in the past year. Context-based authentication offers an important tool in the battle against credential stuffing, man-in-the-middle attacks, MFA prompt bombing, and other attacks on authentication systems.| HYPR Blog
Identity and access management (IAM) is a crucial security component and a business enabler for the modern enterprise — but it’s clear that current systems are falling short on both fronts. Enterprises remain rife with legacy systems, technology silos, and manual and disconnected processes that were never intended to cope with today’s complex identity environment. New threat vectors, often aided by generative AI, exploit the gaps in this patchwork of systems, with increasingly alarming ...| HYPR Blog
HYPR is expanding its original mission to take a more comprehensive approach to Identity Assurance. We have introduced two cutting-edge products, HYPR Adapt and HYPR Affirm that round out the HYPR platform.| HYPR Blog
Passwordless authentication is an authentication method that allows users to access services without entering a password. Learn everything you need to know.| blog.hypr.com
MFA adds a layer of authentication protection, but how secure is it? Learn more about common MFA bypass techniques used by hackers.| blog.hypr.com
The FFIEC published new guidance on authentication for financial institutions. We dig into the FFIEC standards and how passwordless MFA helps you comply.| blog.hypr.com
The OMB published its Federal Zero Trust Strategy, which endorses FIDO MFA and the WebAuthn standards for phishing-resistant MFA.| blog.hypr.com
The 2022 State of Passwordless Security Report examines how security and IT teams are eliminating passwords. Download the report to learn more.| blog.hypr.com
HYPR Cloud Platform version 6.17 marks a turning point for workforce login, with the availability of cross-platform passwordless desktop SSO.| blog.hypr.com
Learn why desktop MFA can harden security defenses for enterprises, and how a passwordless solution ensures a seamless login experience across devices.| blog.hypr.com
MitM attacks allow attackers to monitor and steal communications and pretend to be legitimate users. Learn how to prevent man-in-the-middle attacks.| blog.hypr.com
Phishing is one of the biggest security threats, but what can you do to stop it? This post takes a look at phishing prevention best practices.| blog.hypr.com
If you use OTP authentication as a part of your organization’s MFA protocols, it may be time to stop relying on OTP security. Here’s why.| blog.hypr.com
Multi-factor authentication is meant to secure logins but attackers can circumvent most processes. Learn why phishing-resistant MFA is the only way forward.| blog.hypr.com
Learn more about push notification MFA, push attacks, and what you can do to protect your users from push attacks.| blog.hypr.com
Account takeover gives attackers complete access to that account's data and other privileges. Learn how to prevent account takeover (ATO).| blog.hypr.com
Highlights from our 2024 State of Passwordless Identity Assurance report, which investigates top identity threats, risks and strategies to combat them.| blog.hypr.com
HYPR has partnered closely with Microsoft on the new Entra ID external authentication methods and is excited to be a preferred public preview integration.| blog.hypr.com
Learn how hackers leverage AI to bypass traditional identity security and how these attacks can be defeated using deterministic identity assurance controls.| blog.hypr.com
Explore the new HYPR report based on detailed survey data on top workplace identity security challenges and trends to watch in 2024.| blog.hypr.com
An analysis of the MGM attack, helpdesk fraud as an attack vector, and how organizations can protect themselves.| blog.hypr.com
What is the difference between identity verification vs. authentication? Understand what these terms mean and how they work.| blog.hypr.com
Adaptive authentication can improve both security and user experience but what is it and how does it work? We take a closer look.| blog.hypr.com
PCI DSS 4.0 introduces multiple new directives around passwords and multi-factor authentication (MFA). Here's what you need to know.| blog.hypr.com
This article unpacks the key findings and lessons from the recent Cyber Safety Review Board report on the Lapsus$ threat group.| blog.hypr.com
Learn the importance of Know Your Employee (KYE) and get practical advice to implement strong KYE processes in your organization.| blog.hypr.com
Discover best practices for identity proofing in the workplace, including key components and top scenarios. Learn how HYPR approaches identity verification.| blog.hypr.com
Learn how identity assurance functions in today's modern enterprise, why it's needed and best practices.| blog.hypr.com
HYPR recently unveiled HYPR Adapt, a comprehensive risk-based authentication solution that protects against dynamic cyberthreats and reduces user friction.| blog.hypr.com
The PSD2 SCA requirements apply to a wide range of financial institutions and service providers. Here’s what you need to know.| blog.hypr.com
The 2023 State of Passwordless Security examines authentication practices in organizations globally, and the fiscal and user impacts. Download the report.| blog.hypr.com
Biometric authentication is becoming increasingly popular as a more secure alternative to passwords. Here’s what you need to know about its benefits and use cases.| blog.hypr.com
The terminology around Fast IDentity Online can easily get confusing. Read HYPR's blog to learn how to check if your authenticator is FIDO Certified.| blog.hypr.com
What is multi-factor authentication and how can it benefit your organization? In this blog, we explore the benefits and potential pitfalls of MFA.| blog.hypr.com
Apart from the security risks of passwords, reset costs represent a significant expense for your business. Discover how to avoid these by eliminating passwords.| blog.hypr.com
The holiday season is the biggest time of the year for retailers — and cybercriminals. These customer authentication tips can help keep your shoppers safe.| blog.hypr.com
You shouldn't have to choose between authentication security and convenience. We look at ways to create secure and low-friction authentication.| blog.hypr.com
Scores of Okta customers were recently breached through attacks that bypassed MFA controls. Get tips to improve Okta and SSO security in general.| blog.hypr.com
CISA recently issued guidance urging all organizations to move to phishing-resistant MFA. HYPR CEO and CTO Bojan Simic digs into details.| blog.hypr.com
The FIDO Alliance, a group of the biggest organizations in tech and business, wants to kill off passwords. Here’s how they’re doing it through FIDO2.| blog.hypr.com