 
Blog

NIST SP 800-63B Rev 4: SMS OTP is Now a Restricted Authenticator, But We Have the Fix
NIST’s updated Digital Identity Guidelines (SP 800-63B-4) formally classify SMS/PSTN one-time passcodes as a restricted authenticator. This is the first time NIST has created an explicit “restricted” category, which comes with new obligations for any organization that continues to use these methods. While SMS OTP is still allowed, the bar for using it has been…

NIST SP 800-63B-4 Introduces “Session Monitoring” See How ActiveLock Delivers It
NIST updated its Digital Identity Guidelines to Revision 4 (SP 800-63B-4) and added Section 5.3, Session Monitoring (also called continuous authentication). The section recognizes continuous, in-session evaluation of user and device signals to catch fraud after login. When risk is detected, relying parties should coordinate with their identity provider to take action. Typical actions are to…

TypingDNA on Mobile Phones: Best Practices for Browser and Native Integrations
Typing biometrics behave differently on phones than on laptops/desktops, mainly because users grip the device in many ways and mobile operating systems protect motion sensors. This article explains how to build a reliable mobile experience for both browser-based and native integrations. 1. Major differences between Mobile Browser and Native integrations Question Mobile browser (JavaScript) Native…

How to Pick a Great SameText Phrase for Your Custom TypingDNA Integration
When you implement TypingDNA’s Authentication API with the SameText method, you have two ways to capture a typing sample: let users enter any text they like (hoping it is strong enough and that they will reproduce it exactly on future log-ins) or prompt them with a fixed, pre-defined phrase to type. We recommend the fixed…

BYOD and the risk nobody is talking about
Why leaning on personal phones for MFA is becoming a blind spot – and how TypingDNA Verify 2FA closes it 1. The hidden dependency: personal phones as the second factor Only 15% of companies still issue a work smartphone; everyone else depends on BYOD or a hybrid model (jumpcloud.com). When security teams roll out…

When “Trusted” Hands Go Rogue: How Family Members Trigger Surprising Security Breaches — and How ActiveLock Stops Them
Remote work turned spare bedrooms into corner offices, but it also invited toddlers, teens and partners into the corporate threat model. A single unlocked laptop can transform innocent curiosity into public-relations chaos or a costly data leak. Below are five headline-making incidents where family insiders mishandled computers, followed by a look at how TypingDNA ActiveLock…

Think You Have 2FA with Okta FastPass on Desktop? There’s a 90% Chance That You’re Not Compliant – Especially If BYOD Is Not Allowed
This article focuses on Okta FastPass, but the same principles apply to other desktop-based passwordless authentication methods as well. 1. Windows Hello Is Not 2FA Windows Hello lets users unlock their devices using either a biometric (fingerprint or face) or a PIN. These are alternatives – not layers. So, by design, Hello is single-factor authentication…

Why Phone-Free 2FA Is No Longer Optional
In a world where cybersecurity compliance is tightening and digital workforces are diversifying, companies are finally waking up to a long-overlooked reality: 2FA based on personal mobile devices is no longer sustainable. Whether it’s the rise of privacy regulations, employee pushback, or mounting compliance mandates, phone-free 2FA is now a must-have. 1. Regulations Are Forcing…