Internet infrastructure provider Cloudflare says it prevented a phishing scheme from compromising the company’s network, thanks to the hardware security keys it issued to all employees.

According to Cloudflare, the hacking attempt was likely part of the same SMS phishing scheme that breached Twilio, which the company has publicly disclosed. disclosed(Opens in a new window) In Monday.

“Around the same time Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare employees,” Cloudflare wrote in a post. blog post(Opens in a new window) tuesday. “This was a sophisticated attack targeting employees and systems in such a way that we believe most organizations would be susceptible to hacking.”

Twilio and Cloudflare are now warning that the SMS phishing scheme is targeting employees of multiple companies. The attack comes via SMS messages claiming to be from the employer himself. In the case of Cloudflare, hackers tricked three employees into entering their company’s passwords into a fake login form.

The fake login used by hackers. (Credit: Cloudflare)

But even so, the attackers failed to breach Cloudflare because of these security keys. Unlike two-factor authentication codes, which can be shared online, a hardware key is a physical device. It is often designed to fit into a PC’s USB drive and adds an extra step to the login process that cannot be digitally phished.

In Cloudflare’s case, that meant hackers couldn’t break in unless they could physically steal a security key from one of the phished employees. “While the attacker attempted to log into our systems with the compromised username and password, he was unable to exceed the hardware key requirement,” Cloudflare explains.

At least 76 Cloudflare employees received the attackers’ phishing text messages. The messages specifically said: “Alert!! Your Cloudflare calendar has been updated, please tap cloudflare-okta.com to view your changes. However, cloudflare-okta.com was actually a hacker-controlled domain hosting a fake login page capable of stealing passwords.

Text messages hackers sent to Cloudflare employees. (Credit: Cloudflare)

The phishing technique was also designed to defeat two-factor authentication systems. Cloudflare points out that the attacker’s fake login page may display a prompt for time-based one-time passcodes. “The employee would then enter the TOTP code on the phishing site, and this would also be passed to the attacker,” the company said. “The attacker could then, before the TOTP code expires, use it to access the actual company login page.”

It remains unclear who was behind the SMS phishing scheme and how they gained access to the cell phone numbers belonging to so many Cloudflare employees. But Cloudflare data shows the attacker used a Windows 10 machine running Mullvad VPN during the failed connection attempts.

The company added that it had not experienced a breach since rolling out hardware security keys for all employees. For more information on how security keys work, see our reviews.

It is increasingly common for users to enable two-factor authorization when accessing their various accounts on the Internet. Adding 2FA over a simple password provides an added layer of security and protection against hacking and phishing attacks.

The popular Authy app has become the choice for many when managing their 2FA authentication. Below, we’ll cover how to use Authy and get it up and running quickly to provide your accounts with an extra layer of security.

Using Authy Mobile App and Desktop Version

Authy works on both mobile and desktop with the ability to sync your different devices together. This means that once synced, you can use the mobile version or your desktop when logging into any site that requires 2FA.

SEE: Password Breach: Why Pop Culture and Passwords Don’t Mix (Free PDF) (TechRepublic)

To get started, install the mobile version. To do this, go to the iOS App Store or Google Play Store and download Authy like you would any other app. Make sure to download the official version of Twilio.

Once downloaded, launch the app and you will be greeted by the main setup screen. This screen will ask for your country code and phone number (Figure A).

Figure A

Enter the phone number of your device, then validate. At this point, Authy will then need to verify your phone number by sending an SMS or a robocall. Once you have received the confirmation by SMS or voice call, enter it in the field provided.

Authy is now installed on your phone and you are ready to start adding accounts for 2FA authentication.

Configuring your accounts to use Authy for 2FA

Now you’ll want to start adding specific login accounts that you want Authy to protect. This process will vary slightly between different platforms and websites, but ultimately it is the same across all sites.

In this example, we’ll be using GitHub, but almost all web accounts work exactly the same.

In GitHub – or whatever account you choose to protect – go to your Account Settings area (Figure B). This is usually accessed by clicking on your account name or the three horizontal lines indicating a drop-down menu.

Figure B

From there, click Passwords and Authentication (Figure C). In some menus, this option will be called Security.

Figure C

On the next page, select Enable two-factor authentication (Figure D).

Figure D

At this point, most sites will ask if you want to use an app like Authy or use SMS (Figure E). In this case, we will select Authy.

Figure E

You will then be presented with a QR code (Figure F). This is the code you will scan from the Authy mobile app to link the two apps.

Figure F

Return to the Authy mobile app. If this is a new install, the app will only show a + icon. Click on it to add a new account. Alternatively, click the menu in the top right and select Add Account (G-figure).

G-figure

The app will then tell you that it is ready to scan the QR code. Click the blue bar that reads Scan QR Code (H-figure).

H-figure

Then just use your phone’s camera to scan the QR code on the screen. Authy will recognize the QR code and present you with a six-digit PIN to access the website (I figure).

I figure

Enter this code and you have completed the process of activating two-factor authentication with Authy. Each time you log into this account, you will need to enter the six-digit PIN code provided by Authy.

This is a constantly changing PIN code that resets every 15 seconds. The next time you log in, you will need to enter the new PIN provided by Authy before the code is reset. If it resets before logging in, just use the following code presented by the Authy app. Never share this PIN with anyone.

Using Authy on Desktops and Sync Devices

Now that Authy is set up on your phone, you’ll want to add your desktop computer so you can log into sites without having to always have your phone handy.

Start by clicking on the top right corner of the mobile app, then Settings. You will then want to click Activate Multiple Devices (Figure J).

Figure J

When finished, go to Authy’s website on your desktop browser and click the download link at the top of the page. Then select your operating system, macOS or Windows. Once downloaded, you will install the program as you would any other application on your computer.

Authy will then load after being installed and the screen will be almost identical to the mobile version you just installed earlier.

On the first screen, enter your phone number again. Make sure it’s the same one you used to set up the Authy mobile app (Figure K).

Figure K

Once entered, the Authy app on your phone will be notified and alert you that a new device wants to sync with the account (L-digit).

L-digit

You will be asked to confirm this synchronization by manually typing OK. Do this and you will receive a confirmation page. The process is now complete and your Authy desktop is synced with your mobile version.

All accounts added with one device will be instantly shared across all devices you add.

Don’t forget to enable backups for Authy

There is another crucial step when using Authy that is sometimes not enabled by default. This is to enable a backup password. This is one of the most important steps because if your phone or device is lost or damaged, there will be no other way to recover your accounts than using this password.

To enable this feature, navigate to the top right corner of the mobile app and select Settings. From there, click Enable Backups (Figure M).

Figure M

Note: On some new installations of Authy, the prompt to enable password backups may appear when trying to add your first website account. In this case, just create your password at this time.

This password is very important, so be sure to write it down, check that it is correct, and then store it in a safe place. There is no way to retrieve or retrieve this password. So, if you lose or forget it and your devices become unusable, you will not be able to access your website login accounts.

Once you’ve set up your backup password, that’s all there is to using Authy. If you add new accounts or devices in the future, the process will be exactly like the previous examples described in this guide.

For ITRs filed on or after August 1, 2022, the verification period for these has been reduced to 30 days. If you forget to check your ITR within the prescribed time, then it will be considered void.

“Data electronically will be the date of submission of the return if Form ITR-V is submitted within 30 days of the date of data transmission electronically. In the event Form ITR-V is filed after the deadline mentioned above, it will be considered that the declaration for which the ITR-V form has been completed has never been submitted and it will be the responsibility of the person evaluated to electronically retransmit the data and follow up on it by submitting the new ITR-V form within 30 days,” CBDT said in its latest notification.

Look at the six ways you can check your tax return:

Aadhaar-based OTP

On the ‘e-Verify’ page, select ‘I would like to verify using OTP on the mobile number registered with Aadhaar’ and click ‘Continue’. A pop-up window will appear on your screen. You will need to check the box that says “I agree to validate my Aadhaar information” and click on “Generate Aadhaar OTP”.

An SMS with the 6-digit OTP will be sent to your registered mobile number. Enter the received OTP in the box where it is required and click submit. Upon successful submission, your ITR will be verified. OTP is only valid for 15 minutes.

Net banking

The second method of verifying ITR is through Net Banking. On the ‘e-Verify’ page, select ‘Through Net Banking’ and click ‘Continue’. Select the bank you want to verify your ITR with and click ‘Continue’. A pop-up window will appear on your screen containing a disclaimer. Read and click ‘Continue’.

Bank account

For verification, the third option is to generate an Electronic Verification Code (EVC) through their bank account. You must have a pre-validated bank account to be able to generate EVC. Keep in mind that pre-validation of the bank account is essential to receive the income tax refund.

Related News

ITR electronic verification time reduced to 30 days. Check what happens if it is submitted after that

Related News

ITR Deposit: Record 72.42 lakh ITR deposited in one day; approximately 5.83 million returns filed through July 31

Demat account

The process of verifying ITR through a demat account is similar to verifying through a bank account as mentioned above. On the e-Verify page, select “Via Demat Account” and click “Continue”. The EVC will be generated and sent to your registered mobile number and email id with your pre-validated and EVC-enabled demat account. Enter the received EVC on your mobile number and email id registered with your Demat account and click e-Verify.

ATM

Sending signed ITR-V / Acknowledgment of receipt

If you cannot verify your ITR using one of the electronic methods mentioned above, you can send a signed copy of the ITR-V (acknowledgment of receipt) to the tax department.

While celebrating the 4th of July weekend in the United States during a DJ set by Bob Moses, my iPhone was stolen from my bag; luckily I still had my wallet and keys. Although I was able to observe the thief through “Find My iPhone” going to another concert hall the same night for other small theft attempts, I knew there was not much I could do.

Along with the normal feeling of being taken advantage of, I was also starting to feel more and more frustrated. No phone meant no contact with the rest of the world. Social media was irrelevant, as well as constant contact with my friends and family through the various chat apps I use – only the ones I communicate with via iMessage, thanks to the program on my MacBook. And though it was nice to take a break from my slight dependence on the phone and its many wondershe presented life’s greatest challenges.

Without a phone, I was stuck on personal, financial, social, and business accounts. Many services require a secondary authentication service, which is usually via SMS associated with a mobile phone number. “SMS”, or short message service, is a standard text message sent using a cellular signal instead of an internet connection, unlike iMessage, WhatsApp, Signal or other web messaging services.

SMS 2FA is a authentication protocol that is used after entering the standard password for a service — it sends a short one-time password to the user via a text message. It was a nasty surprise when I found out that SMS 2FA doesn’t include iMessage.

New day, new ID

When did our phone numbers become the new id of the day? The United States does not have a specific identifier to use to manage its population; instead, multiple identity documents such as social security numbers, passports, or state ID cards have traditionally been used to verify a person’s identity. But with the explosive rise of data breaches and identity theftit has become difficult for businesses and consumers to rely solely on these highly sensitive pieces of data.

Phone numbers are connected to most aspects of our lives. Thanks to the massive adoption of personal cell phonesthe evolution of digital ecosystems, and public awareness of how sensitive identifiers can be used — verification services had to look for other identifiers. And while that number isn’t really static like an SSN, it rarely changes. Just ask anyone who has moved to another country what the challenges are here. So it makes sense that more and more services are adopting phone numbers as their primary identity compared to traditional identity verification services. “Phone-centric identity“, using your mobile number with a password, is now being touted as the new, modern way to identify consumers.

All this to say that the 2FA phone and SMS numbers have been proven be insecure and ineffective identifiers. Usurpation, SIM card exchange, Remote Desktop Protocol, Man in the middle attacks and Social engineering are all common methods that criminals can use to effectively gain access to people’s phones and take control of their digital lives. Also, unlike messaging apps with end-to-end encryption, the SMS is integrated into the architecture of the mobile networks themselves. So the security of the SMS messages we send is inherently dependent on the security framework that our mobile carriers have, hopefully, and sometimes not completed integrated. And although this insecure authentication method is widely used, Forrester Research believes that SMS 2FA stops only 76% of attacks.

Alternative authentication methods?

Following my Kafkaesque nightmarepeers in the privacy community have offered to look at some sort of authenticator app, instead of SMS 2FA, as a safer and more efficient method of authentication. This version of 2FA or multi-factor authentication works similarly in that it generates an OTP that users must enter to access a service. Authenticator apps are typically refreshed every 30 seconds, so even if a criminal somehow gains access to the OTP, the likelihood of it working for them is minimized.

Unfortunately, it’s not common knowledge or easy to set up for the average consumer. Not all services offer alternatives to the 2FA SMS code option, and even when they do, setting up authenticator app support involves scanning a QR code, entering different keys, which I really couldn’t figure out, or only works with specific authentication services.

Authenticator apps are more commonly used in an enterprise context to Purposes of single sign-on (SSO) than they are by individuals alone. A tech-savvy friend showed me three different authentication apps on his smartphone, which still didn’t cover all the services that require a secondary form of authentication. And to add insult to injury, I couldn’t even use those authenticator apps during the multi-day phone-free period.

The future of phones and IDs

Despite the relief I felt at having a cell phone again, the whole situation left me feeling uneasy about our overreliance on these numbers. It may be a paternalistic thought, but I don’t see how a “reasonable user“could easily take preventative measures to secure their number and manage their digital livelihoods in the event a criminal steals more than their physical device.

Ideally, there would be a multi-party effort between mobile networks, device manufacturers, operating systems and major digital service providers to create a more streamlined, secure and seamless method that average users could enable to access services and protect their accounts and identities.

More likely, we will see less effort from passionate speakers looking to make a difference in this space. An exciting proposal is around decentralized identity: Users would have a “wallet” that stores their credentials and personal information, which includes verified identity details that one would need to provide eligibility to complete a transaction. This information is “signed” by several trusted authorities to prove its accuracy. And instead of relying on passwords, non-phisifiable cryptographic keys would authenticate users to the services they use.

The technology is still new and would result in significantly less data companies process about users – which is arguably good for user privacy/security and not so good for companies monetizing user data. But perhaps there will come a day when digital services and the users who transact with them will widely embrace such a proposition.

Until then, I’m not taking my eyes off my new phone.

“Payment details will appear on screen and the consumer will also receive an SMS alert. The whole checkout process can be completed in seconds. QR code-based payment is more efficient, less time-consuming, error-free, more secure and tamper-proof,” the official said.
Union Minister of State for Ports, Shipping, Waterways and Tourism, Shripad Naik, launched the QR code on electricity bills on Saturday during a program at the Menezes Braganza Institute in the presence of Food Secretary VYYJ Rajasekhar, Chief Electrical Engineer Stephane Fernandesand others.
The function was part of the grand finale of Ujjwal Bharat, Ujjwal Bhavish Mahotsav celebrated across the country to highlight achievements in the power sector over the past eight years and the vision to 2047.
Naik appreciated the department’s initiatives as part of the goal of making it easier to do business and to provide service to consumers even during difficult times.
The QR code, he said, will be an additional easy payment option for consumers.
Rajasekhar paid the first electricity bill using the program’s QR code. Fernandes gave a presentation on the workings and benefits of the QR code and various other payment initiatives offered by the department. He also said the department ranks second in the country in the number of digital transactions.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XII, Number 209

Vodafone Idea will finally allow users to send forwarding messages even without a plan that offers SMS benefits. This is a significant development as Vi customers were previously forced to get more expensive packages to receive SMS. This new move will give users more freedom to move outside the network, if necessary. Also Read – Vodafone-Idea updates its Rs 409 and Rs 475 recharge plans with more daily data

Vodafone Idea’s new decision comes months after TRAI asked the country’s telecom operators to allow users to send text messages without a dedicated texting plan. The TRAI announcement was made in December last year. Also Read – Google and Vodafone team up to extend Wear OS smartwatch battery life

What is a forwarding message?

After the introduction of Mobile Number Portability (MNP) support in India in 2011, users were able to exit their current network by transferring to another. In order to trigger a port request, the user can send a message to the number 1900. This message is called a port-out message. Read also – Vodafone Idea prepaid top-up plans: Free Disney+ Hotstar offered with these data packs

However, there was a big flaw for those who had a valid top-up plan that didn’t support texting. They couldn’t send a transfer message from their phone even if they had a balance. This problem has been solved. However, it should be noted that SMS will not be free. Charges will be deducted from the user’s talk time.

How to wear

Now, if a Vodafone Idea customer wants to port, they can follow these steps:

Send message PORT at 1900

Once you send it, you will receive a message with UPC (Unique Porting Code)

Take this UPC code to the carrier you wish to transfer to

There they will ask you for some basic documents in order to complete the porting process

At the end of the process, you will get a new SIM card from the other operator.

It will be activated after some time

The same process can be repeated when transferring from any other network operator to Vodafone.

Mobile threat campaign tracked as wandering mantis has been linked to a new wave of compromises directed at French mobile phone users, months after expanding its targeting to include European countries.

As many as 70,000 Android devices are believed to have been infected as part of the active malware operation, Sekoia said in a report released last week.

Attack chains involving Roaming Mantis, a financially motivated Chinese threat actor, have been known to deploy a piece of banking Trojan named MoqHao (aka XLoader) or redirect iPhone users to malware collection landing pages. credentials that mimic the iCloud login page.

“MoqHao (aka Wroba, XLoader for Android) is an Android Remote Access Trojan (RAT) with information-stealing and backdoor capabilities that likely spreads via SMS,” Sekoia researchers said. . said.

It all starts with a phishing SMS, a technique known as smishing, tricking users with parcel delivery-themed messages that contain malicious links, which, when clicked, proceed to download the malicious APK file, but only after determining if the victim’s location is within French borders.

If a recipient is located outside France and the device’s operating system is neither Android nor iOS – a factor verified by checking the IP address and the User agent string – the server is designed to respond with a “404 Not found“status code.

“The smishing campaign is therefore geo-fenced and aims to install Android malware, or collect Apple iCloud IDs,” the researchers point out.

MoqHao generally uses areas generated through the Duck DNS dynamic DNS service for its first stage delivery infrastructure. Additionally, the malicious app impersonates the Chrome web browser app to trick users into granting it invasive permissions.

The spyware trojan, using these permissions, provides a pathway for remote interaction with infected devices, allowing the adversary to stealthily harvest sensitive data such as iCloud data, contact lists, history calls, SMS messages, among others.

Sekoia also assessed that the data amassed could be used to facilitate extortion schemes or even sold to other threat actors for profit. “more than 90,000 unique IP addresses that requested the C2 server distributing MoqHao,” the researchers noted.

Galway hosts a fascinating reunion next week as Goodwood Festival also graces the racing calendar.

The festival itself is a gigantic seven-day event, from Monday July 25 to Sunday July 31, which includes both obstacle courses and flat action in Ireland.

888Sport: 100% bonus up to £100*

Although there are seven days of action, there are huge races every day and there are also big fields, which is great news for one-sided bettors.

Each midweek card kicks off in the evening at 5.10pm and there are great races to watch each day.

On Monday, the festival kicks off with a four-year-old novice hurdle and Galileo’s much-loved HMS Seahorse.

5.10 Tip for Novice Hedge Betting

HMS Seahorse

It’s still early in the bets, but it’s worth watching this field and highlighting this 132-ranked Paul Nolan-trained horse.

He took a step forward on his sixth flat appearance last time out winning by more than six lengths.

And the last hurdle attempt was at Punchestown in April in the Grade 1 Ballymore hurdle, but came a respectable third not too far behind top Vauban and Fil Dor.

He also had a good place behind Brazil at the Cheltenham Festival behind Brazil in the Boodles and should therefore be the one to beat in a largely under-run field.

6:40 p.m.: Connacht Hotel Handicap

Scaramanga12/1

There are 50 runners still in contention at the time of writing, but the ante-post odds still give a good indication of the field for this star race on opening day.

The favorite, Echoes In Rain, is a formidable hurdler and recently placed just behind Honeysuckle at Punchestown in April, but came second by more than three lengths as the overall favorite last time out.

There’s a lot to love about most of the other favorites in betting, but the main shoutout will come from Scaramanga.

One of many starters for Willie Mullins but he wasn’t too far from Coltrane last time out and may have needed the flat run and this is his first outing for this great coach after leaving Paul Nicholas.

Scaramanga should also prefer travel recoil at 2m1f.

He won at Newbury in July last year over a similar distance in Class 2 Bahrain Turf Series Handicap.

Now he could step up to Ireland for his new coach and over a distance he has proven himself well.

His hurdle form is also excellent, although he came fourth out of four at Sandown in April he was beaten by just six lengths against McFabulous, Indefatigable and Fusil Raffles.

New Customer Sign-up Offers

Bet365: bet €10, get €50 – CLAIM HERE

Minimum deposit requirement. Free bets are paid out as betting credits and can be used when settling qualifying bets. Minimum odds, betting and payment method exclusions apply. Returns exclude wagering bet credits. Deadlines and terms and conditions apply 18+ Begambleaware.org

888Sport: 100% match bonus up to £100 – CLAIM HERE

Deposit £/$/€10 min using promo code ‘TOP100’ • Bonus will be applied once full deposit amount has been wagered at least twice with cumulative odds of 1.50 or more • To withdraw your bonus winnings, you must wager the bonus amount up to 5 times • All deposit and bonus wagering requirements must be met within 60 days • This offer cannot be combined with any other offer • Limit of £/$/€50 stake per bet Applies • Restrictions apply on withdrawals, payment methods and countries and full terms and conditions apply. 18+ Begambleaware.org

Betfred: Bet £10, get £60 bonus – CLAIM HERE

New UK customers only. Sign up using promo code BETFRED60, deposit and place first £10+ sports bet (cumulative Evens+) within 7 days of sign up. The first bet must be on sports. £20 free bet to use on sports, £10 free bet to use on lotto and 50 free spins (20 pence per spin) credited within 48 hours of bet settlement. Additional £20 free bets credited 5 days after settlement. Bonuses have a 7 day expiration. Payment restrictions apply. SMS verification and/or proof of identity and address may be required. Full terms and conditions apply. 18+ begambleaware.org

BetVictor: bet €10, get €40 bonus – CLAIM HERE

18+ New customers only. Register and place a £10 bet on horse racing at odds of 2.00+ within 7 days of opening a new account; excludes cashed bets. Receive 3 x £10 free horse racing bets, only valid on defined events with odds of 2.00+. Plus a £10 slot bonus, selected games, wager 20x to cash out a maximum of £250. Bonuses expire in 7 days. Card payments only. Terms and conditions apply. begambleaware.org.

Commercial Content Notice: Taking any of the bookmaker offers featured in this article may result in payout to talkSPORT. 18+. The T&Cs apply. begambleaware.org

Remember to gamble responsibly

A responsible player is a person who:

• Set time and money limits before playing
• Only plays with money he can afford to lose
• Never chase their losses
• Don’t play if upset, angry or depressed
• GamCare– www.gamcare.org.uk
• Aware of the bet – www.begambleaware.org

For help with gambling problems call the National Gambling Helpline on 0808 8020 133 or visit www.gamstop.co.uk be excluded from all UK regulated gambling websites.

Passwordless authentication is a user management method in which the user logs into a system or application without using a password or secret. Instead of using a knowledge based factor (e.g. password), it validates a user’s identity either ownership factors (e.g. email account), or inherence factors (e.g. facial recognition).

This article was created in partnership with Frontegg. Thank you for supporting the partners who make SitePoint possible.

There are many authentication methods used as alternatives to passwords:

• Single Use Code (OTC)
• magic links
• Biometric login (fingerprints, FaceID, voice recognition)
• Smart cards or physical tokens
• Digital certificates

Popularity of Passwordless Authentication

You may already be using “passwordless authentication” without knowing it. Many banking apps use fingerprint and voice recognition to verify users. Slack uses magic links to authenticate users.

The use of passwordless authentication has grown steadily over the past few years. Auth0, an authentication provider, predicts that passwordless authentication exceed the use of passwords by 2027. Gartner predicted that by 2022, “60% of large global enterprises and 90% of midsize enterprises will implement passwordless methods in more than 50% of use cases, up from 5% in 2018.”

Major web players are also doing their best to accelerate technology adoption. On World Password Day 2022, Google, Microsoft, and Apple announced plans to expand support for a common passwordless login standard established.
In June 2022, Apple announced its new ‘Passkeys’ function to use to log in to websites and applications. This announcement basically means that Apple will use Touch ID or Face ID to create a digital key for this website. This removes the need to create and write down a password.

Benefits of Passwordless Authentication

Passwordless authentication offers advantages in terms of security and user experience:

1. Reduces the risk of phishing and password theft: Users are not susceptible to phishing attacks when directed to fake websites and enter their login credentials. If a user does not enter a password, they will not be vulnerable to brute force attackspassword data breaches and other types of credential theft.
2. Reduces credential reuse: Reusing passwords across multiple services and accounts creates increased risk to users and your systems that cannot be avoided. It was reported that 64% of people have used the same password exposed in a breach for other accounts.
3. More memory exercises: Your users don’t need to remember usernames and passwords for so many accounts. Sometimes they have to reset their passwords again and again after many failed login attempts.
4. Faster connection: We are all busy. A strong password is suggested to be at least 16 characters long and takes a long time to type compared to scanning a fingerprint or opening a magic link.

Limitations of Passwordless Authentication

Passwordless authentication is not perfect and has some limitations from a security and experience perspective.

• Unknown user experience: Many people have a habit of automatically typing or auto-filling passwords. A change to a magic link or OTC can come as a shock to users.
• Stolen Devices or SIM Swapping Risks: Sending unique codes via SMS can leave your users vulnerable if their phone is stolen or if they are the victim of a SIM swap scam.
• Biometric security is not perfect: Fingerprint readers, TouchID and FaceID have been successfully hacked over the years.

Relying on a single factor for authentication, password or not, always presents some level of risk. We recommend that you always use multi-factor authentication (MFA) whenever possible.

Is passwordless authentication secure?

Yes, passwordless authentication is considered safe, but it’s not completely risk-free. An account without a password will not have to fear that this password will fall into the hands of a malicious person. This can happen through data breaches, brute force hacks, lost devices, or misplaced post-its.

Many of the risks associated with passwordless authentication apply equally to other methods.

If a hacker has access to your email account and you are using Magic Links for passwordless authentication, they will be able to log in easily. This risk, however, is the same if you use a normal password. The bad actor would just need to click “reset password” and send the reset link to that same email address.

Finally, like any other system, a passwordless authentication system is also vulnerable to direct attacks aimed at circumventing or circumventing security measures. No matter how secure you act, the systems that store and verify your credentials are never completely secure.

Fingerprint verification and other biometric factors are much more difficult but not impossible to cheat and offer a very secure way to authorize yourself.

Passwordless Authentication vs Multi-Factor Authentication (MFA)

Multi-factor authentication is a method of using multiple authentication factors when logging in. This very often happens when you log into an account with a username and password and then receive a 6-digit one-time-use code (OTC) to confirm your ownership of the device.

In this example, the OTC factor is passwordless. Instead, if you were to use a fingerprint and one-time passcode, you have an entirely passwordless MFA setup.

How to Implement Passwordless Authentication on Your Website

Integrating passwordless authentication into your app or website is easier than ever. Depending on your existing infrastructure, you have many options:

• User management solutions: These providers offer a fully managed service that not only provides traditional and passwordless authentications, but also user management and permission management.
  • When to use: New system releases, startups, and teams looking to avoid all low-value, high-risk development work.
  • When not to use: If you have a very custom set of authentication or user management requirements that may not match their systems.
  • Suppliers: Frontegg, Okta/Auth0, MergeAuth, Trusona, AppWrite

• Authentication service provider: These services provide user authentication, access management and other services such as session management.
  • When to use: You have existing user management services and want someone to handle passwords and authentication.
  • When not to use: You have limited development experience or resources. If you have a simple identity and access management model, you might want to consider a fully managed solution, as mentioned above.
  • Suppliers: AWSCognito, Google Identity Platform, Microsoft AzureAD

Passwordless Authentication with React – Speedrun

To demonstrate how easy it is to introduce passwordless methods to your users, we’re going to show you a 5-minute tutorial with a provider called Frontegg. A standalone, end-to-end user management platform that, among other user management features, provides a few forms of passwordless login methods.

Creating login and authentication services is extremely time consuming and doesn’t add value to user flows, but can be detrimental if you get it wrong. As services offering authentication get better and cheaper, there shouldn’t be much reason to build your own password validation systems for your apps.

1. Create your free Frontegg account

Create your Frontegg account through their website. Be sure to select Magic Code or Magic Link as passwordless options during the onboarding process!

2. Start the onboarding process

Once you have finished creating your login box and selected your passwordless methods, you will see an option to Publish to Dev.

Frontegg uses Environments (Dev, QA, Staging, Production) with unique subdomains, keys and URLs for your authentication environments.

You will now be taken to a page with sample code, and more importantly, your `baseURL` and `’clientID`. Leave this page open and proceed to your IDE for the next step.

3. Create the React app (skip this if you already have your own app)

In your terminal, type the following commands to create a new Reactreact application and navigate to the new directory.

npx create-react-app app-with-frontegg
cd app-with-frontegg

4. Install and import Frontegg

Run the following command to install the Frontegg React library and react router. You can skip installing react-router if it is already installed in your application.

npm install @frontegg/react react-router-dom

5. Configure connection settings

In the src/index.js file, add the code below. Then go back to your Frontegg page and find `baseUrl` and ‘clientID’ in the code samples.

Note: These values ​​are still in the Administration section of your workspace after this onboarding flow is complete.

import React from 'react';
import ReactDOM from 'react-dom'; 

import App from './App';
import './index.css';

import { FronteggProvider } from '@frontegg/react';

const contextOptions = {
  baseUrl: '## YOUR BASE URL ##',
  clientId: '## YOUR CLIENT ID ##'
};




ReactDOM.render(
    <FronteggProvider contextOptions={contextOptions} hostedLoginBox={true}>
        <App />
    </FronteggProvider>,
    document.getElementById('root')
);

6. Redirect to login

Using the Frontegg useAuth hook, you can determine whether a user is authenticated or not. If the user is not authenticated, you can redirect the user to login via the useLoginWithRedirect hook (as shown in the example below).

import './App.css';

import { ContextHolder } from '@frontegg/rest-api';
import {
  useAuth, useLoginWithRedirect
} from "@frontegg/react";

function App() {
  const { user, isAuthenticated } = useAuth();
  const loginWithRedirect = useLoginWithRedirect();
  
  
  
  
  
  
  const logout = () => {
    const baseUrl = ContextHolder.getContext().baseUrl;
    window.location.href = `${baseUrl}/oauth/logout` +
                           `?post_logout_redirect_uri=` +
                           `${window.location}`;
  };
  return (
    <div className="App">
      { isAuthenticated ? (
        <div>
          <div>
            <img src={user?.profilePictureUrl}
                 alt={user?.name}
            />
          </div>
          <div>
            <span>Logged in as: {user?.name}</span>
          </div>
          <div>
            <button onClick={() => alert(user.accessToken)}>
              What is my access token?
            </button>
          </div>
          <div>
            <button onClick={() => logout()}>
              Click to logout
            </button>
          </div>
        </div>
      ) : (
        <div>
          <button onClick={() => loginWithRedirect()}>
            Login
          </button>
        </div>
      )}
    </div>
  );
}

export default App;

7. Login

To run npm start or open http://localhost:3000 in your browser and click on the Login button. You should see your newly created login and registration pages.

Note, there is no password field here 🎉

Click on Register, access your email and click on Activate my account.

When you want to sign in, you just have to enter your email, wait for the six-digit code to arrive, and you’re connected. No password, no worries.

Conclusion

I hope this guide to passwordless authentication has helped you not only understand how accessible this technology is, but also how important it will become in the next few years.

Governor Kathy Hochul today announced a new text notification effort to deliver the latest information on monkeypox directly to New Yorkers.

New Yorkers can sign up to receive text messages — which will include alerts about cases, symptoms, spread and resources for testing and vaccination — by texting “MONKEYPOX” to 81336 or “MONKEYPOXESP” for texts. in Spanish. By providing a zip code, New Yorkers can also sign up for location-based messages.

“We are building on our ongoing response efforts to bring the latest monkeypox information, tools and resources directly to New Yorkers,” Governor Hochul said. “As we continue to work with the federal government to push for more vaccines, I urge New Yorkers to sign up for these important alerts and stay informed about updates on monkeypox in your community. .”

The new SMS campaign is designed to alert New Yorkers of relevant information about monkeypox, so they have protective public health information and resources at their fingertips. The posts will cover information about how monkeypox presents and is transmitted, as well as what New Yorkers should do after exposure.

Information on how to register for the SMS campaign will be disseminated widely through social media, voter engagement, community organizations and the state’s Excelsior Pass platform.

State Health Commissioner Dr. Mary T. Bassett said: “In public health, information is one of our most valuable tools. This innovative campaign, which provides texts in English and Spanish, will help bring education and resources directly to New Yorkers – expanding the access to updates on monkeypox and the availability of vaccines and care I encourage everyone to sign up for these alerts and stay informed about the best ways we can all protect ourselves and mitigate the spread in our communities.”

New York State continues to work closely with the Centers for Disease Control and Prevention’s Monkeypox Response Team on vaccine distribution plans to ensure that New York State receives its fair share of the supply of vaccines as they become available to protect New Yorkers, especially for New Yorkers in communities with high transmission rates. Governor Hochul recently spoke with Dr. Ashish Jha and Dr. Raj Panjabi of the White House to secure additional vaccine doses to meet the needs of New Yorkers.

Today’s announcement builds on the New York State Department of Health’s (NYSDOH) ongoing public awareness efforts on monkeypox, including the recent launch of a digital advertising campaign pay to inform communities experiencing higher rates of monkeypox cases, including gay and bisexual men and other men who have sex with men.

NYSDOH dedicated website, which stays up to date with the latest information, offers free downloadable materials including a palm map, information map, handout and posters available in English and Spanish. NYSDOH has already distributed these resources to LGBTQ+ organizations, local county health departments, healthcare providers, and businesses. The posters will be displayed at gathering places across the state, including health centers, transit centers, parks, rest areas, restaurants, bars and nightclubs.

In addition to public outreach, the New York State Department of Health continues to focus on delivering vaccines to communities. July 12, NYSDOH announcement his second allocation of the JYNNEOS vaccine from the federal government. This supply remains limited, and New York State is actively working with the federal government to communicate the urgent need to increase supply to meet the preventative needs of New York residents. Local county health departments that have been supplied administer the vaccine directly and establish their own appointment processes. Working in partnership with counties, New Yorkers who sign up for location-based alerts can receive alerts about vaccine availability, clinic locations, scheduling, and other smallpox-related updates from monkey specific to their region.

Earlier this week, NYSDOH, in partnership with the New York City Department of Health and Mental Hygiene (NYCDOHMH), hosted a Monkeypox Town Hall for community leaders led by State Health Commissioner Dr. Mary T. Bassett and City Health Commissioner Dr. Ashwin Vasan. New York City and other local municipalities have their own alert systems in place, and local residents should follow these updates as well. Working in partnership with community organizations and advocates, NYSDOH remains committed to continuing to raise awareness and maintain direct dialogue with New Yorkers, especially those most affected by the current outbreak.

NYSDOH continues to provide information and support to healthcare providers and local county health departments, including tips on case detection and notification. New York State has the capacity to test, and due to efforts to expand capacity, testing is now also available at LabCorp, Mayo Clinic and Aegis Sciences Corporation and will soon be available at two other national labs including Quest Nichols Institute Diagnostics and Sonic Healthcare.

New Yorkers can sign up for the text campaign by texting “MONKEYPOX” to 81336 or “MONKEYPOXESP” for texts in Spanish. New Yorkers will be able to provide their zip code to sign up for location-based messaging, if they wish.

For more information on monkeypox, visit health.ny.gov/monkeypox.

New Yorkers can learn more about New York State first allocation of vaccines from the federal government here and the second attribution here.

The Petroleum and Energy Regulatory Authority (EPRA) has introduced an SMS service that will help motorists to check fuel prices and even whether petrol station attendants are registered employees.

EPRA’s decision to create USSD*363# and SMS services has been attributed to increasing cases of gas stations selling adulterated fuel and some illegal price increases.

Services that can be confirmed via SMS include pump prices, employee details, accident and complaint reporting, license details verification and truck verification.

The short SMS code can also be used by students taking EPRA-related courses or those who want to know the status of their exams.

How to check fuel prices

One can confirm the price of fuel by typing the word price (space) town and sending the message to 40850. An example of SMS is – Price Nairobi.

How to check employee details

Type the word employee followed by the national identification number, then send the message to 40850. For example, Employee 12345678.

How to report an accident

Type the word accident then send the message to 40850. EPRA agents will respond to the report within 24 hours on weekdays.

How to file a complaint

Type the word complaint then send the message to 40850. EPRA is asked to respond within 24 hours.

How to check license details

Type the word license followed by the license number and send the message to 40850, for example – License 1234.

Checking exam details for students

Students can check their exam details by sending the exam details followed by the reference number obtained after submitting their license application to 40850.

EPRA is responsible for the production, import, export, transmission, distribution, supply and use of electrical energy, with the exception of the authorization of installations nuclear.

It also has the mandate to import, refine, export, transport, store and sell petroleum and petroleum products except crude petroleum.

The authority further collects, maintains and manages upstream petroleum data.

A gas station attendant pumping fuel into a car.

accident illegal

SIM card fraud unfortunately manifests itself in many ways, but one of the most pernicious forms is SIM card swapping. SIM swapping is the process by which a hacker or malicious actor obtains the personal information and mobile number of an unsuspecting individual. This bad actor then uses this information to request a new SIM card from the victim’s mobile provider. Once received and placed in the malicious actor’s mobile device, this SIM card allows the hacker to access the victim’s SMS codes and change passwords, allowing unhindered access to banking and financial accounts, And much more.

The prevalence of SIM card fraud has risen sharply since the onset of COVID-19, primarily due to increased reliance of customers on remote access procedures, reduced willingness of customers to visit branches and increased hacker interest in SIM-centric social engineering attacks. These trends have resulted in approximately $100 million in losses in the United States in 2021 alone.

Measuring the impact of SIM swapping

The most obvious impact of SIM swapping is monetary losses – like the $100 million figure quoted above. Apparently anyone can be a victim or a perpetrator – in 2019 Twitter CEO Jack Dorsey was famously a victim of SIM swapping, and the year before a fifteen-year-old was able to steal $23 million in cryptocurrency from a single victim.

Ultimately, the responsibility for these losses rests with the customer, not the supplier. Although this may seem positive for mobile phone providers at first glance, who would probably not want to be dependent on such high figures, it can have a considerable impact on the reputation of the provider. Increasingly, customers don’t want to do business with vendors who don’t take their security seriously, and high-profile cases of identity theft and fraud can have a lasting negative impact on how vendors are perceived.

Current methods used for SIM card registration and replacement

Historically, the SIM card registration process, whereby a new customer registers with a mobile operator and provides their personal information, was done in person at a local office or branch. This face-to-face workflow is overall a very secure process, giving providers a solid foundation to get to know their customers and deliver their services with confidence that the user is in fact authorized and legitimate. Increasingly, however, this process has become available remotely due to the perceived inconveniences of in-person procedures; this has only accelerated in recent years due to the COVID-19 pandemic.

Remote replacement procedures performed online or over the phone are inherently less secure than those performed in person. Indeed, these rely on authentication methods that are increasingly prone to fraud, such as passwords. With identity theft at an all-time high lately, it has become increasingly easy for bad actors to pose as a victim and fraudulently obtain a replacement SIM card. To combat this, mobile phone providers are researching and implementing stronger authentication methods than traditional ones.

Biometric authentication to reduce SIM card fraud

For vendors looking to improve security for their customers without adding additional inconvenience, biometric authentication is a solid option. Unlike passwords and PINs, biometrics take advantage of the uniqueness of our physical characteristics, dramatically increasing security and significantly reducing a malicious actor’s ability to impersonate a customer.

Contemporary biometrics requires no special hardware and is as easy to perform as a person taking a selfie. Modern biometric technologies are mobile, using the cameras and microphones of today’s smartphones and devices to perform a facial capture or voice prompt of a user wherever that person is. The presented face or voice would then be matched against the user’s existing biometric profile, ensuring that the user is indeed the authorized person.

Therefore, since biometrics relies on something you are instead of something you know — such as a password or the answer to a security question — a customer’s means of authentication cannot be stolen by a malicious party.

Biometric authentication is also fast, ensuring a high level of convenience for users. Today, highly secure facial or voice recognition can take place in seconds via a mobile device, using the cameras and microphones already included. No special hardware is needed and the whole authentication process can be natural and frictionless.

Additionally, biometric authentication software can replace contemporary authentication methods such as passwords relatively quickly and easily with minimal implementation issues. Providers can continue to maintain their existing workflows for SIM card registration and replacement; the only change is how users authenticate.

With SIM card fraud on the rise around the world and passwords becoming more outdated and prone to fraud, now is the time for mobile phone providers to review their authentication procedures and look for proven alternatives. Too much is at stake not to do this.

Two-factor authentication (2FA) is becoming mandatory on many websites, and it’s easy to see why. On the face of it, requiring you to confirm your login via text or app provides a solid second layer of security. But how strong is he?

With security threats on the rise and people having more to lose online than ever, it’s only natural to want to protect yourself as much as possible. While hacking into a social media account can be annoying, there are far more serious consequences to having lax cybersecurity. Hackers could access your bank accounts and drain your savings, sensitive files and photos could be stolen, and you could even have a business account hacked and land in hot water with your boss.

The term “two-factor authentication” refers to a second step to confirm who you are. An additional layer of protection will, by default, provide more security than a simple barrier. However, there is more than one 2FA method; all methods offer different levels of security, and some are more popular than others. So can 2FA make your sensitive accounts invulnerable to hackers? Or is it just a huge waste of effort? Let’s find out.

Texting is not as safe as it seems

The most common form of 2FA is SMS-based. Your bank, social media account, or email provider sends you an SMS with a code, which you enter within a set time. This gives you access to the account and protects your connection from anyone who doesn’t have your phone. At first glance, this is the safest method. Someone would need to steal your cell phone or devise an elaborate, James Bond-like way to clone your SIM card to get around this one, right? Bad.

Last year, Vice claimed a hacker could use a flaw in the SMS system to hack your number and redirect your SMS messages for as little as $16. There are also more or less sophisticated methods that an individual can use to access your messages. The easiest is to just call your phone company pretending to be you, saying your phone is missing, and asking the company to change your number to another SIM card. The most complex involve attacking the company directly and intercepting messages.

As for how they get personal information and your phone number? They might do shady deals and buy personal information about you and your various online activities on the dark web. Or they might check your Facebook for details like your date of birth, phone number, schools you attended, and your mother’s maiden name. You may know precisely what information you’re posting, but many people don’t.

At the very least, it is possible to protect yourself from sim swap attacks or be alerted when they occur. But you should consider adopting a different 2FA method if possible.

Email-based 2FA might be useless

Two-factor authentication should add an extra layer of security between your account and a potential threat. However, if you’re lazy, all you’re doing is adding an extra step and potentially giving an internet miscreant a good laugh. If you’re the type of person who uses the same password for everything and their email account is used to secure their target account, you could be in a lot of trouble. A hacker can log into this email address using the same information they have already stolen and authenticate their actions.

If you insist on using 2FA over email, you should create a separate email account just for authentication purposes with its unique, hard-to-crack password. You can also use another method as they are all more secure.

Push-Based Might Let You Down

Push-based authentication can be fast, simple, and secure. A device, which can be your smartphone, is linked to your account and registered as a 2FA method of your choice. From then on, whenever you want to log in, you will receive a push notification on this device. Unlock your phone, confirm it’s you, and you’re connected. Sounds perfect, right?

Unfortunately, there is a catch or two. The main problem with the push-based method is that your device must be online for you to use it. If you need to access an account and your phone is having trouble getting a signal, you’re out of luck. It’s worth pointing out that this hasn’t been an issue for me in the few years I’ve used it. If I need to get online, I’m usually somewhere with WiFi, which my phone can use. I’m more likely to be somewhere where I can’t receive text messages than somewhere I’m trying to connect and can’t get a push notification on my phone.

Hardware-based 2FA takes a lot of effort

Physical authentication keys are as close to being hack-proof as possible. It’s basically a USB stick filled with protocols and security codes that you plug into a device that you connect to. You can keep it on your keychain and take it with you, or keep it in a safe and only take it out when you need to connect to something that needs that extra layer of security. The main danger with a physical key is losing or breaking it, something you may have done with USB drives in the past.

It is also possible to physically write down a long and complex authentication password. It is a string of numbers and characters and a popular method for securing cryptocurrency wallets. As these are hard to break, The FBI broke into a house find a piece of paper containing a 27 character password, which was easier than finding it. You can’t hack into something written on a piece of paper and stored in a desk drawer, and supercomputers can take years to go through the possible combinations involved in high-level encryption.

Of course, if it’s in your desk drawer, it’s not with you. If you take it with you, you can lose it as easily as you can lose a 2FA USB key. And when it is gone, you will at best have to go through an account recovery process or at worst lose access to your account. The physical method is the best thing you can do in terms of security, but the worst in terms of convenience. You can use it as a foolproof account recovery method, but it’s probably best avoided for things you access on the fly.

App-Based 2FA Worth Checking Out

Download an app like Google Authenticator comes with a few benefits. It is more secure than methods such as email and SMS authentication; it is free in most cases and still works if the device does not have an internet connection. This is due to the synchronization-based algorithm, which produces different keys at different points in time. A key is only valid for a set period and must match the device and site the user is connecting to.

There are still some vulnerabilities. With Google Authenticator, there’s no lock on the app itself, so anyone who can access your phone can open it and use it. Some malware could also take advantage of the lack of a passkey, so you should consider alternatives like the Microsoft Authenticator app, which adds an extra layer of security to the authentication process with features like biometric unlock. It’s also vulnerable to phishing attacks, where you enter the key into a fake website and allow a fast-acting hacker or bot to use it. They are also open to interception.

You should always use 2FA

(I know it’s cheesy and the pictures aren’t my strong suit, but it doesn’t look right without maintaining the “all pirates wear hoodies in dark rooms” trope.)

I have identified flaws with each method mentioned, and more will likely appear over time. But the more security you have, the better. You should 100% use 2FA and other methods like a password manager to secure your online accounts.

There’s a balance between security and convenience, so find what works for you. Maybe the hardware-based method is overkill or something you’re sure to lose. Texting might not be as secure as it looks, but it still takes a bit of effort to crack it. If you’re just an average Joe, you probably won’t be worth being individually targeted, and SMS authentication is something that will dramatically increase your online security.

Examine your life, assess what you have to lose, and determine how much effort you want to put into it. But at least choose a 2FA method (which is not email-based) and make sure you have a different password for each account you care about.

Nairobi — Kenyans will now be able to fully participate in the presidential debate scheduled for this month through the social media platforms opened by the presidential debate team.

They will be able to post their questions via WhatsApp, email and SMS code on the governors’, vice-presidents’ and presidents’ debates which will be held on July 11, 19 and 26 respectively.

Speaking at the signing of a partnership with Mkenya Daima and the Kenya Private Sector Alliance, Kenya Editors Guild President Churchill Otieno said the questions posed will guide the discussions.

“We are opening up channels for Kenyans, especially in Nairobi, who wish to contribute to the questions of the debates. Those who prefer WhatsApp will use the phone number 0796560560, by SMS they use the code 22843 and by email they use info @debates.co.ke,” he said.

According to the chairman of Mkenya Daima, Vimal Shah, Kenyans must know that voting is their responsibility and that candidates must accept the will of Kenyans regardless of the outcome of the elections.

He said the debates will indicate the type of leaders who will come to lead the country and that Kenyans should post their questions to get a clear view of the plans they have for them.

“I appeal to those who come later to say that the candidate did not answer such and such a question, since there are platforms like WhatsApp and the SMS code, please post the questions and they will be answered”, she said.

Kenyans were urged to send in their questions before midnight on the day of the debate to ensure a dynamic and continuous flow of questions to be asked.

Churchill added that the debate would take place in two stages.

“The first tier will include gubernatorial candidates whose approval rating, based on three recent opinion polls, is less than 5%, while the second tier will include candidates who have achieved more than 5% in the polls. the same opinion polls,” he said.

The debate will take place with respect for the values ​​of fairness, integrity, independence and responsibility, the organizers promised.

Candidates can also check their results by SMS. According to the Minister of School and Mass Education Department, Samir Ranjan Dash, the high school exam result will be uploaded to the website within an hour of the results being released.

BSE Odisha class 10 board exams were conducted between April 29 to May 6, 2022 between 8 a.m. to 11 a.m. The board had changed the matrix exam model this year. The tests were held on 80 points for all subjects except professional trades and the third language.

BSE Odisha Class 10th Result 2022: How to Check Via Website

Step 1: Visit the official website — bseodisha.nic.in

Step 2: Click on the link “BSE Class 10 result 2022” available on the homepage

Step 3: You will be redirected to a new page

Step 4: Log in using registration number and personnel number

Step 5: The result will appear on the screen

Download and print the result for future reference.

BSE Odisha Class 10th Result 2022: How to Check via SMS

Class 10 students can also check their results by SMS. To check the result by SMS, students must follow the format given:

Step 1: Type OR10

Step 2: Text 5676750.

Step 3: Odisha Table Class 10 results will be available on the same mobile number.

Download and print the result for later.

In 2021, a total number of 2,80,352 boys and 2,81,658 girls were passed. The overall pass percentage was 97.89%. The board had canceled madhyamik exams in the state due to an increase in Covid cases and the students were assessed on the basis of alternative assessment criteria.

Glia, the leading digital customer service (DCS) provider, has extended the proactive outbound capabilities of its DCS platform with two new features:SMS without channel and ChannelLess outgoing calls.

Both allow service representatives to contact customers and easily add richer digital channels, such as chat, voice or screen video, without interrupting the connection.

“Our customers have been incredibly responsive to texting, especially our QR code promotions at sporting events and service options at car dealerships. We’re excited to take our texting capabilities to the next level with the outbound capabilities of Glia, directly tied to our digital customer service platform, we see a significant opportunity to become very proactive and grow our business,” said Jeff Ward, Chief Technology Officer at SimplyIOA.

SMS and the ChannelLess benefit

Canal of GliaLess The architecture overcomes omnichannel limitations by fully integrating all communication channels, including SMS, into a single platform. This allows for easy channel-to-channel transitions and unified administration across all customer engagement.

With Glia, businesses can proactively reach out to their customers and initiate seamless engagement that can start with SMS. Customers are not required to make a phone call to continue service. All engagement remains digital, shifting to chat, voice or on-screen video for real-time support and can include connavigation for on-screen collaboration.

Glia’s ChannelLess SMS connects customers to the same service representative who sent them an SMS via affinity routing. It also includes tools to help service reps further accelerate engagements, including auto-complete, pop-up messages, and automation capabilities through AI and chatbots.

In addition to a better on-screen experience, Glia’s seamless digital customer service platform dramatically improves engagement security. SMS messages are not encrypted, which makes them vulnerable to data breaches and identity theft. Glia’s chat, voice, and OnScreen video have end-to-end encryption to protect sensitive data.

Outbound calls go digital with a channelless approach

Businesses can now proactively reach their customers over the phone and drive them to fully digital engagement with Glia’s enhanced ChannelLess calling feature. By accessing a computer or mobile screen, customers can continue engagement digitally, via chat or video, without hanging up and starting over. This is especially useful for complex tasks where digital guidance with CoBrowsing and online collaboration is easier than talking to a customer through multiple steps on the phone.

ChannelLess SMS and outgoing calls from Glia help companies to:

• Speed ​​up application processes, such as loans, credit cards or opening new accounts
• Discreetly manage disputes and collections
• Promote outbound marketing offers
• Immediately manage alerts and notifications

“We continue to build on our mature digital customer service platform and deliver new features to further enhance the online experience. Increasingly, companies are looking to become proactive; Glia allows organizations to initiate a conversation via text or even a phone call and keep customers on screen for a seamless digital experience that can include secure chat, voice and on-screen video,” said said Justin DiPietro, co-founder and chief strategy officer of Glia.

Glia’s seamless SMS and outbound call capabilities are available today and already in production with Glia customers. For more information and to see how Glia can help your organization, visit the SMS solution page.

About Glia

Glia is reinventing the way companies support their customers in a digital world. Glia’s Digital Customer Service (DCS) solution enriches web and mobile experiences with digital communication choices, on-screen collaboration and AI-powered assistance. Glia has partnered with over 300 banks, credit unions, insurance companies and other financial institutions worldwide to improve customer experience and drive business results. Named both a Deloitte Technology Fast 500™ company and a Great Place to Work (with a 97% employee satisfaction rating) for a second consecutive year, Glia continues to achieve broad industry recognition and thought leadership in in customer service, including publishing the definitive book on DEC with Wiley. The company has raised over $150 million in funding from top investors.

To find out more visit glia.com.

There are no official data on the number of stoppages but according to estimates by research organizations, it seems that their frequency has increased in recent years. A growing number of people have been affected as a result as internet usage has increased in India and the coronavirus pandemic has made it even more of a commonly used essential service.

How do internet shutdowns affect people and why do governments impose them?

What does the data on Internet suspensions say?

According to the Software Freedom Law Center (SFLC), a legal service organization working in this field in India, since 2012, there have been 665 internet shutdowns in India nowadays. Here, “shutdowns” means a complete ban on mobile (3G, 4G/LTE) or fixed (dial-up, wired/wireless broadband) internet, both or either of which can be shut down.

According to internet freedom and technology policy organisations, India is the top country (by number) for internet disruption incidents and frequency of shutdowns. This year, 59 closures have been imposed, according to SFLC, which determines closures based on government orders and media reports.

This raises another question: Internet shutdowns aren’t always officially announced, so it can be difficult to know if your phone is just not working properly or if a shutdown is in place. Raman Jit Singh Chima, senior international lawyer at Access Now, which works to secure an “open internet”, told The Indian Express that some telecom companies in states like Rajasthan are alerting people via SMS, but this it’s not mandatory.

Jammu and Kashmir has seen over 411 lockdowns since 2012, with the longest lasting over 552 days after the former state’s special status was revoked.

Among the states, Rajasthan has seen the most lockdowns – with 88 such cases in almost 10 years. The reasons range from protests by the Gujjar community for the reservation to preventing cheating during the Rajasthan Teacher Eligibility Examination (REET) held to select primary school teachers last year, which was taken by about 16 lakh seekers.

How do governments justify shutting down the internet?

Governments claim that misinformation and rumors can lead to a breakdown of law and order in an area, so curbing the flow of information helps maintain peace between communities in times of crisis.

But many experts have countered that in the absence of sources of information like the media, rumors may actually end up spreading even more. Additionally, important services such as those related to payments, banking, and access to education are all cut off in an instant, leading to multi-level disruption and economic loss.

What is the procedure for shutting down the Internet?

In February 2022, Lok Sabha MP Varun Gandhi asked parliament whether the government keeps records of closures or intends to, and if not, what protocol is followed.

Minister of State for Communications Devusinh Chauhan responded that the States Review Committee, chaired by the Chief Secretary (the highest official of a state) is mandated by the rules for temporary suspension of telecommunications services (public emergency or public safety), 2017, to decide that the stops were made according to the rules.

Rules drawn up by the central government state that temporary suspensions can be “due to public emergency or public safety” and give senior Home Office officials at central and state levels the power to order closures.

Newsletter | Click to get the best explainers of the day delivered to your inbox

Before the rules came into effect in 2017, internet shutdowns were ordered under Section 144 of the Code of Criminal Procedure, which gives district magistrates sweeping powers in dangerous situations.

So what is the debate about closures?

Anuradha Bhasin, a Kashmiri journalist, has petitioned the Supreme Court over the Internet shutdown in Jammu and Kashmir, which she says has brought a halt to newspaper printing work and life in general .

In its order issued in January 2020, the court ruled that “freedom of speech and expression and the freedom to practice any profession or to carry on any trade, business or occupation on the medium of the Internet enjoys a constitutional protection under Article 19(1)(a) and Article 19(1)(g)”.

The court ordered the J&K administration to “immediately review all internet service suspension orders” because “an indefinite suspension order for internet services is unconscionable.”

He said that “the restriction of these fundamental rights must be in accordance with the mandate provided for in Article 19 (2) and (6) of the Constitution, including the test of proportionality”.

The court ordered the government to compulsorily publish all orders allowing internet shutdowns, paving the way for the first time for the suspension orders to be challenged in court. In December 2019, the High Court in Gauhati ordered the government of Assam to restore the internet to the state after reviewing the suspension orders.

In December 2021, Parliament’s Standing Committee on Communications and Information Technology, led by Congress Leader Shashi Tharoor, said: “…Governments have resorted to telecommunications/internet shutdowns for reasons not so pressing and have regularly used it as a tool for routine policing and even for administrative purposes, such as preventing exam cheating to defuse local crime, which are not large-scale public safety issues and certainly do not constitute a “public emergency”.

The Home Office told the committee: ‘The phrase public emergency has not been defined in law, but contours broadly delineating its scope and characteristics are discernible from the section which is to be read in general. The competent authority must form an opinion on the occurrence of a state of public emergency with a view to taking further action under this article. »

Some of the committee’s suggestions included defining terms such as “public emergency” to avoid their use without cause. He added that some apps or websites could be banned, such as WhatsApp, where the possibility of rumors being widely circulated is high, while other internet services could remain available to users.

Before we enter July, here is an overview of the main financial changes that are expected to have an impact from next month:

TDS on cryptocurrency, VDA

As announced in this year’s Union budget, the Center issued a circular on June 22 detailing the tax deduction process for transfers of virtual digital assets (VDAs) and cryptocurrencies from July 1, 2022. Now, the buyer of a VDA will have to deduct 1% of the amount paid to the seller as income tax withheld at source (TDS).

Tax must be deducted when crediting the amount or when paying to the resident individual, whichever comes first. The CBDT clarified that the tax will only be deducted if the amount paid exceeds the specified limit of Rs 10,000. The threshold limit for TDS would be Rs 50,000 per annum for specified persons.

New credit card rules

Credit Card Billing – In order to avoid repeated complaints about late billing, the Reserve Bank of India has stated that the card issuer may offer to issue bills and account statements via internet/mobile banking with the informed authorization of the card holder. Additionally, card issuers must have a system in place to ensure that the cardholder receives the billing statement.

Credit card closure – Banks are required to honor credit card cancellation requests by immediately contacting the customer via email, text message or another channel.

New labor code

Although the Center has not made any official announcement on the implementation of the new labor code, reports claim that it could come into effect from July 1. The introduction of the new labor code might lower the number of working days in a week, but the daily working hours may increase accordingly. The salary in hand of the employees could undergo a significant change because the code prescribes an increase in the contribution of the employee to the Provident Fund.

The new rules state that an employee’s base salary must be at least 50 percent of their gross monthly salary, resulting in an increase in the FP contribution paid by employees as well as employers.

PAN- Aadhaar connecting well

Interest rates for small savings plans

For the first quarter of FY23, the government has decided to keep interest rates on government-guaranteed savings instruments unchanged. The interest rate of the various small savings plans for the first quarter of the financial year 2022-23 starting on April 1, 2022 and ending on June 30, 2022 remained unchanged compared to the rates applicable for the fourth quarter of the financial year 2021-22.

However, this could change for the next quarter and new rates could come into effect from July 1, to encourage investors in PPF, Sukanya Samriddhi Yojana and NSC.

KYC demat deadline

The deadline for making existing demat and trading accounts KYC compliant is June 30, 2022. A demat, trading account holder must update the following KYC attributes by June 30.

I) Last name

II) Address

III) STOVE

IV) Valid mobile number

V) Valid email id

VI) Income bracket

At least 1,000 people lost their lives and 1,500 people were injured in the 5.9 magnitude earthquake that struck Afghanistan’s Khost province. The IHH Humanitarian Relief Foundation immediately launched an emergency relief campaign for the area.

Reports indicate that Spirey province in Khost and Giyan, Ziruk and Naka provinces in Paktika were the most affected by the earthquake which struck early in the morning. It is reported that 1,000 people lost their lives and 1,500 were injured. Search and rescue operations are currently still ongoing in the affected locations.

Distribution of hot meals

IHH launched an emergency relief campaign soon after the earthquake. Two teams were quickly mobilized by IHH Afghanistan to be deployed to the disaster areas. In the first phase of operations, our teams distributed hot meals to 560 victims. 50 double blankets and 50 tents were also delivered. The IHH teams are continuing their operations to help the victims.

Many houses were damaged

Many houses were damaged by the earthquake which could also be felt in Kabul, the capital of Afghanistan and in Islamabad, the capital of Pakistan. Two earthquakes followed in western Punjab in Pakistan. Another 4.3 magnitude earthquake also hit the city of Faizabad in Afghanistan.

This earthquake hit the same area as many times in just one week.

Give support

Donors who wish to support the Afghan earthquake affected population through IHH can donate 10 TL by sending SMS through all operators sending SMS to AFGHANISTAN. Those wishing to contribute larger amounts can donate online through the IHH website or bank account numbers showing code AFGHANISTAN.

According to NPCI, no transactions can be executed through open internet connectivity. Multiple layers of security protocols are placed to ensure secure end-to-end transaction processing, he said. Here we explain why no one can steal your FASTags money.

FASTag uses RFID

FASTag uses Radio Frequency Identification (RFID) technology to communicate with a scanner installed at toll plazas. Once the car has passed the toll plaza, the required toll amount is automatically deducted from a bank account or prepaid wallet linked to the FASTag.

Vehicles must pass through the toll, and if the beacon is linked to a prepaid account like a wallet or debit/credit card, owners must top up/recharge the beacon. If linked to a savings account, the money will be automatically deducted when the balance falls below a predefined threshold. Once a vehicle passes the toll, the owner receives an SMS alert about the deduction. The alert is like money debited from accounts or wallets.

Works on P2M

FASTag can only be used for person-to-merchant (P2M) transactions, which means no person-to-person (P2P) transactions are allowed. “An individual cannot receive money into the NETC FASTag ecosystem from fraudulent transactions,” NCPI said in a statement.

Security

NPCI clarified that only Authorized System Integrators (SIs), who are authorized on behalf of dealerships, are permitted to perform and initiate payment transactions at toll plazas. The infrastructure deployed between the IS system, the dealer and the banks is secured by only whitelisting authorized IP addresses and URLs.

The hardware installed in the Toll Plaza server room is cryptographically secured through the Hardware Security Module (HSM). This ensures that no third party can interact with the system and that the transaction is carried out between the two parties.

Every API call must pass through a secure firewall. Each time the Bank connects to NPCI via API connectivity, the data is encrypted with a secure 256 SHA ECC algorithm and locked with a hexadecimal private key. Only NPCI possessing the corresponding public key will be able to access the information by decryption.

Unique Plaza Code

Each merchant (toll and parking stations) onboarded by NPCI is assigned a unique Plaza code. This is integrated only by authorized acquirer banks active on the FASTag ecosystem.

Each acquiring bank receives a unique acquiring identifier (AID). The combination of Plaza Code and Bank Acquirer ID is mapped to the NPCI end. This makes it impossible for anyone to register on the platform.

An atmosphere of violence and mistrust prevails in the country, Rajasthan Chief Minister Ashok Gehlot said, stressing that it could ruin the nation. “The policy of tension is not good for the country. A family that has tension does not advance and ruins itself. The same applies to the village, the country and the state,” he said. he declares.

Gehlot said: “There is an atmosphere of mistrust and violence. Some people may be happy that bulldozers are running. This bulldozer can also come to your house anytime,” Gehlot said at the unveiling of a statue of former MLA Sanwarmal Mor. and the inauguration of a girls’ college at Kothiyari in Sikar.

He said that without conviction by law, one cannot be called guilty. Targeting Union Minister Jal Shakti, Gajendra Singh Shekhawat on the Eastern Rajasthan Canal Project (ERCP), Gehlot referred to a statement by the leader regarding the political crisis in the state two years ago.

“The minister says if Sachin Pilot had not missed the opportunity and if the government had changed in Rajasthan, then water would have arrived (via ERCP) in the state. A Union minister can- he speak such a language? What could be more shameful than that,” he said.

Gehlot has consistently called for the ERCP to be given national project status. The project aims to supply water to 13 districts in eastern Rajasthan. Pilot and 18 deputies had revolted against the leadership of CM Gehlot in July 2020.

-With PTI input