At F8 today, Facebook released SDKs and documentation for the integration of Delegated Account Recovery into Java, NodeJS and Ruby applications.

Mike Mimoso talks to Duo Security co-founder and CTO Jon Oberheide at RSA Conference about Google’s BeyondCorp security model, enforcing perimeter security, how endpoint security has evolved through the years, and the future of passwords.

Developers at Uber have unveiled a new module to help users enable the continuous re-authentication of SSH keys.

A recent batch of vulnerabilities in Honeywell building automation system software epitomize the linger security issues around SCADA and industrial control systems.

Google pumped more life into the use of physical keys as a second form of authentication when it added Security Key enforcement support to G Suite.

Facebook’s Delegated Recovery delegates account-recovery permissions to third-party accounts controlled by the user. GitHub is the program’s first partner.

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover.

A U.S. government agency said the end is nigh for SMS-based two-factor authentication, citing a lack of security around the feature. The latest draft version of the Digital Authentication Guideline issued this week by the U.S. National Institute for Standards and Technology (NIST) said the practice would soon be discouraged. The Digital Authentication Guideline sets the rules that...

Most major technology companies offer some take on two-factor authentication as an option for users to secure access to accounts and web-based services. Making users drink from that pond, however, has been a different story. Simplifying the process of using the second form of authentication, most often a verification code sent to a mobile device,...

Intuitively, auto-correcting passwords would seem to be a terrible idea, and the worst security-for-convenience tradeoff in technology history. But a team of academics from Cornell University, MIT and a Dropbox security engineer say that the degradation of security from the introduction of such an authentication mechanism is negligible. The team—Rahul Chatterjee, Ari Juels and Thomas...