On User Authentication tied to the URLs at the registration

Seemingly look-alike URLs are the primary vehicle for Phishing, that results in potentially credential compromise and account take-overs. Such type of attacks have resulted in 81% of data breaches and online-fraud as noted by the Verizon’s data breach report.

As such technologies like FIDO have emerged, to combat Phishing URLs, through lock-in of URLs during the registration of a user account with public-private keys stored on the end users devices. The idea is to have the automatic checks against look-alike attacker’s phishing URLs and not rely on the human eye’s ability to distinguish Phishing URLs.

Several potential issues/constraints arise with the user authentication tied to the URLs at the registration. These can be summarized as follows

URLs of the website cannot be changed (inflexibility) once the user registers’ their devices.
- In the case of a change in the url, all the users need to potentially re-register, and this applies to all levels from sub to top-level domains
No dynamic urls can be used with such URL tie-in at the registration time
When merger and acquisitions need rebranding and change in urls
Long urls and several distinct websites, will constrain eventually the memory capacity of the devices

On the other hand, The Bearer-aware credential-based authentication does the job of securing against any spoofing and phishing (including real MiM proxy ) attacks with

No tie-up to URLs during the account setup/registration
No additional hardware required and cost-optimal
No risk of relying on authentication agents at the user’s end
No changes to applications and federation of identities
Scalability across apps and users

As discussed in the Authentication tied to public keys at the relying party does not bring any additional risk reduction, when the relying party database is compromised compared to shared secrets.

A recent trend that industry has witnessed is that the SSL certificates match the top-level domain of the seemingly but intentionally mis-spelt and are leveraged to suppress any browser warnings on the SSL certificate mismatch.

As such the users most likely are lured into parting away with their credentials and leading to account take overs.

The Bearer-aware credential-based authentication does the job of securing against any spoofing and phishing (including real MiM proxy ) attacks with no additional hardware expense and changing to applications and URLs all at a fractional cost with excellent ROI within a year.

For more info, please schedule a demo with us.

I am not a technical geek; Explain what is iLogSafe that I can understand?

Can you pass on passwords and OTPs to hackers and still feel secure? Obviously “No”. With iLogsafe, even when hackers get your codes, your accounts are secured. Your exclusive iLogSafe codes are useless for hackers, providing a password-less hassle-free secure login.

I use faceId and Voice along with fingerprint and approvals on the app. Am I not secured?

The biometrics have been the mainstream when it comes to authenticating to the gadgets in our possession. But when it comes to online authentication, such authentication schemes fail to secure you from man-in-middle attacks as shown in the “app-based approvals” video.

Disclaimer: *copyrights belong to breakdev.org

I use super strong passwords, OTPs? Why do I need iLogSafe?

Passwords and OTPs were good until yesterday. With real-time interception and hacking (spoofing) your passwords and OTPs are now more vulnerable. Don’t take our word, following reinforce the fact that they are no longer secure.

I use public and private keys; am I not secure?

Yes, public and private key pairs are secure than passwords. However mobility across devices with keychains and webauthn are clunky at best with so many variant offerings. One can always replace public key and replace real user permanently;Read our article for more details HERE

Can you show the details of how my 2FA is vulnerable(contains hacker demo videos)?

The recent attacks as documented by Microsoft on more than 10K enterprises can be easily addressed by iLogSafe and for details please go Here

The following videos help you understand the risks.

Watch this if you currently use mobile app based approval as 2FA

Disclaimer: *copyrights belong to breakdev.org

How does iLogSafe secure my online accounts, money from hackers?

iLogSafe provides a frictionless and easy to use login codes that are locked up to your devices. The patented technology will enable detection of spoofing when someone else intercepts and submits codes. We are an industry standard and meet NIST AAL-3, which means your money and online accounts are hacker-safe.
If you are serious about securing your money and accounts from fraudsters, signup now for great early bird discounts (more than $150 value package)

Do I need to create another set of passwords etc.?

No. We are passwordless.
We don’t use any of your sensitive information such as biometrics nor any private information, including your cell phone details.
Our patented technology is fun to use and intuitive to understand. No teasing of your brain memory nor we ask to solve hair-pulling puzzles.
Your grandma can use this once the account is setup!

I got many more SaaS applications, can you secure them all?

Absolutely!
Below is a starter list. If your SaaS application is not in this list please fill out here
Our product team will work towards securing that app with iLogSafe.

Do I need to create multiple iLogSafe accounts for all the SaaS applications I need to protect?

No. One iLogSafe account can secure everything with our industry standard single-sign on and federation ; completely transparent to you and you just keep using your iLogSafe account.

What is the genesis of iLogSafe? Has this been tested?

iLogSafe is the culmination of years of hacking experience and cyber security management. Patents have been issued as a testimonial of the novelty and the utility of this unique technology pioneered by iLogSafe.

Easy to use and verify its security properties even by non-technical persons, scalable solution designed by a Ph.D. in computer science with CISSP/CISM certification, a regular speaker/presentor at several security conferences and who has successfully run Fortune 500 information security and risk management programs.

At the same time, even with such extensive information security expertise with iLogSafe team, we don’t relax; we are constantly plugged into latest cyber threats and move our program roadmap taking the latest hacks into account.

Our systems are constantly tested by real hacking from our pen-testing team and it goes through multiple checks on OWASP 10, Open API security standards through static and dynamic scans/testing.

On User Authentication tied to the URLs at the registration

Want to know magic with Anti-[Theft, Phish, Spoof, Bypass]?

Signup for Cybersecurity tips for Lawyers