Yubico identified a side-channel vulnerability in the cryptographic library used in several of its devices, including the YubiKey 5 Series. This vulnerability, related to ECDSA implementation, could allow attackers with physical access to recover private keys. Users must update to firmware version 5.7.0 or higher for protection, as older versions are permanently vulnerable. Recommended mitigations…
The Arapahoe County Sheriff’s Office plans to reinstate facial recognition technology, now subject to new regulations for its policing use. Previously halted due to service discontinuation, the revised deployment stresses accountability and privacy safeguards while aiming to improve law enforcement effectiveness. The ACSO has engaged the public for feedback on implementing this technology responsibly. Facial…
The article discusses the challenges of verifying human identity in an era dominated by AI and digital technologies. With biometric systems at the forefront, companies like Civic are developing holistic identity solutions that prioritize individuality and security. The rise of Proof of Personhood emphasizes the need for clear distinctions between humans and machines, while also…
The IST report warns that AI and deepfake technologies jeopardize biometric authentication systems, particularly those based on visual and auditory cues. It emphasizes the role of liveness detection as a defense mechanism and outlines the potential for AI spoofing to create convincing fake biometric data. Organizations are urged to adopt robust cybersecurity strategies to mitigate…
A GAO audit found persistent technical issues with Login.gov despite some compliance improvements. Many federal agencies reported challenges related to visibility into authentications, high failure rates during account setup, and inadequate fraud controls. GSA announced compliance with NIST IAL2 standards but still needs to address ongoing technical difficulties and accessibility concerns. A recent audit by…
The OfDIA’s report reveals a gap in awareness of accessibility standards among UK digital ID service providers, with over 25% unaware of the guidelines. More than half of the providers meet the WCAG 2.0 standards, though 5% do not conduct any bias testing. New measures are being introduced to enhance bias testing and the inclusion…
The OfDIA report highlights that over a quarter of certified UK digital identity providers are not aware of necessary accessibility standards. It emphasizes the inconsistency in biometric bias testing, leading to new requirements in the DIATF. OfDIA recommends enhancing accessibility rules, as many providers lack necessary data on bias testing, especially across demographic groups. Over…
The article discusses the growing threat of digital fraud and emphasizes the need for a layered response from various stakeholders, including payments firms and digital identity providers. Panelists from AuthenticID, Daon, and Aware highlighted how fraudsters leverage technological advances like AI to create identities and manipulate systems easily. They advocate for risk-based authentication to balance…
Keyless has launched a Web SDK that allows for multi-channel biometric authentication through web browsers on mobile and desktops. It facilitates seamless user transitions between apps and browsers while maintaining a high level of security. This launch represents a significant step in meeting user demands for flexible authentication methods while preventing fraud such as phishing….
The FBI is looking for advanced biometric software that functions on both Android and Windows systems for mobile identification. The solutions should gather various biometric data types, ensuring compliance with the EBTS and supporting secure data transmissions. Usability features and security standards are critical, with submissions due by March 19, 2025. The FBI has issued…
