Blog Welcome to PureID Research Blog

Introduction: We all know how crucial our credentials are to us, these shared secrets are basically the access to our resources present on various platforms. The whole process of authentication and authorization is pretty much always dependent on these shared secrets which can be in the format of passwords, access tokens, keys, tickets etc. Today […]
Read More...

Satyam Dubey September 13, 2020 Uncategorized

Virtual Private Networks (VPNs) systems are widely used by enterprises to provide secure remote access to their employees. VPN allows for easy access to the infrastructure, but it also opens up the corporate network to the internet. All VPNs use password based authentication which are susceptible to various types of attacks. Many enterprises use 2FA […]
Read More...

Atharva Chincholkar September 4, 2020 Credential Stealing

In the advent of widespread electronic communication we relied on a password for verifying the identity of a person. As it turns out, passwords are not secure enough to trust most information with. Two Factor Authentication to the rescue! right? Well, it’s not so easy. As systems have become secure, the attackers have shifted their […]
Read More...

Atharva Chincholkar August 26, 2020 Credential Stealing

Writing after a long gap. We were engaged with Black Hat, DEFCON 28 & Blockchain Village 2020 remotely in #SAFEMODE. This was a great experience. In my previous blog I had mentioned that in-mobile phishing apps stealing credentials are getting mainstream. Two weeks ago the media around the world was raked with the news of […]
Read More...

Khush Bhatt August 12, 2020 2FA

In the recent news by TechSpot.com we have learnt that Google was ‘forced’ again, this time by Evina Research group, to remove 25 credential stealing apps from its Android play store with 2.34 Million combined installations. Out of the 25 listed applications, PureID Security Team analysed few, to learn modus-operandi of these apps. Abstract of […]
Read More...

Khush Bhatt July 6, 2020 Credential Stealing

In this blog, we are going to discuss one of the many (and we mean MANY) use cases of our passwordless authentication platform – PureAuth.  We are working with a number of organisations that use AWS services. For contingency and serviceability reasons, the organisations share the access to AWS console with multiple admins. However, this […]
Read More...

Ajit Hatti June 25, 2020 Passwordless

Passwords are at the foundation of security and access control ever since humans felt the need of securing resources and access to it. Passwords have been used and abused since millennium and the best documented example of this is “Open Sesame”.  The surprising fact is even after millennium passwords are ubiquitous, and mean anything but […]
Read More...

Ajit Hatti May 31, 2020 Uncategorized