HYPR Notches $18.3M In Funding For Its Authentication Software

VC firms RRE Ventures, Triphammer Ventures and .406 Ventures joined as well as investment bank Allen & Co. Issues with password-based security …

Share

With new venture capital from Mastercard, Comcast, Samsung and other investors, New York-based tech startup HYPR has notched $18.3 million in funding. The company sells authentication software to Mastercard, T-Mobile, Rakuten and Aetna, and the round was led by the venture capital arm of Comcast, Fortunereported.

Mastercard, as well as Samsung, participated in the round. VC firms RRE Ventures, Triphammer Ventures and .406 Ventures joined as well as investment bank Allen & Co. Issues with password-based security have been well documented. Users often the same weak password on many different websites, with slight changes that hackers can too often crack or pilfer.

HYPR, however, takes an alternate approach. The company’s technology keeps cryptographic keys that are private on mobile devices. That means that logging on is as easy as tapping a button on a phone. George Avetisov, CEO and co-founder, got the concept for the company after scammers targeted his last company.

With fraudsters impersonating other people, he was led down the path that the digital verification process of one’s identity could see great improvement. Avetisov said, according to the report, “My passwords have passwords — that’s how many we have now.”

Avetisov continued, “Companies spent millions of dollars on authentication. They’ve built walls higher and higher and made passwords more complicated. They’ve done a lot of investing in cybersecurity, but we still log in with passwords every day.”

In separate news, a report surfaced in August that more than 300,000 people who were compromised online are still using logins that were hacked per a Google study unveiled at the USENIX Security Symposium in Santa Clara, California. Google came across the information from its recently-released Chrome Password Checkup.

Google said, according to reports at the time, “We scanned 21 million usernames and passwords and flagged over 316,000 as unsafe — 1.5 percent of sign-ins scanned by the extension,” Google continued, “By alerting users to this breach status, 26 percent of our warnings resulted in users migrating to a new password. Of these new passwords, 94 percent were at least as strong as the original.”

Coinbase remedies clear text snafu by asking some users to reset passwords

Cryptocurrency exchange Coinbase has released a post-mortem on a password storage issue that resulted in the login credentials of 3,420 customers …

Think disabling JavaScript makes you more secure? Think again

Cryptocurrency exchange Coinbase has released a post-mortem on a password storage issue that resulted in the login credentials of 3,420 customers being stored in plain text within an internal log.

A bug in Coinbase’s sign-up page meant the names, email address, and (clear text) passwords of some would-be users were saved in web server logs.

Customers who had disabled JavaScript – a security precaution largely restricted to the paranoid that has the severe downside of making it impractical to use many websites – were, somewhat ironically, the only ones exposed.

Coinbase was presenting JavaScript refuseniks with partially rendered forms, the results of which were sent to internal error logs.

“If a user had JavaScript disabled or their browser received a React.js error when loading, there was enough pre-rendered HTML that a user could fill out and attempt to submit our registration form,” Coinbase explains.

Access to the logs was restricted, but the content they held wasn’t encrypted.

“While we are confident that we’ve fixed the root cause and that the logged information was not improperly accessed, misused, or compromised, we are requiring those customers to change their passwords as a best-practice precaution,” Coinbase explained in a post-mortem on Friday.

“We have an internal logging system hosted in AWS, as well as a small number of log analysis service providers. Access to all of these systems is tightly restricted and audited. A thorough review of access to these logging systems did not reveal any unauthorized access to this data,” it added.

Coinbase has triggered a password reset for impacted customers.

A password alone is insufficient by itself access Coinbase accounts, which are safeguarded by mandatory two-factor authentication (2FA) and additional security controls. The password reset is nonetheless a sensible precaution.

Coinbase has an active bug bounty program, which has paid out $250,000 to date, according to the firm. This particular problem was found internally.

Attacks on crypto-exchanges are far from infrequent, a factor that has prompted security advocates to advice against leaving coins on exchanges.

Website bugs that result in plain text versions of user passwords getting stored somewhere internally on error debugging or similar systems are rare but not unprecedented.

For example, Twitter told users of its social media site to reset their passwords following the discovery of this type of bug in May 2018.

This class of security slip-up is distinct from the many sites that consciously store user passwords in plain text.


YOU MIGHT ALSO LIKENew OSINT technique exploits password reset process to obtain users’ phone numbers

Model of Emerging Technology Adoption (META): Virtual Reality as a Case Study

Although technology acceptance and adoption have been intensively investigated using well-established theories called the Technology Acceptance …

Can’t sign in? Forgot your password?

Enter your email address below and we will send you the reset instructions

Briefs: An Encore for MGM? | Goldman eyes B&B

Goldman to buy chain? Goldman Sachs Group is in discussions to buy the B&B Hotels chain from Paris-based private equity firm PAI Partners, …

Hi and welcome to the HOTELS community! We’re an exclusive membership-based network of global hotel industry professionals and we’d be honored if you joined us.

Sign-up is FREE and only takes a few steps. Please click the button below to begin that process in order to continue reading this story and, in addition, gain access to an extensive library of news, analysis and exclusive content.

Already a member? Welcome back and please login below!

Email Address
Password
Remember me next time

*** Please enter a password before submitting the form.***

Click here to view our FAQ page.