Fred Cohen, “A Short History of Cryptography Introductory Information Protection”, 1995, http://all.net/edu/curr/ip/Chap2-1.html
Chris Savarese and Brian Hart, “The Caesar Cipher”, Historical Cryptography Website, 1999, http://www.cs.trincoll.edu/~crypto/historical/caesar.html
Cornelis Robat, “ATM (Automatic Teller Machine)”, The History of Computing Project, 17 April, 2006, http://www.thocp.net/hardware/atm.htm
Federal Financial Institutions Examination Council, Supplement to Authentication in an Internet Banking Environment, 2011, https://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf
“About OATH”, Initiative for Open Authentication, 2012, http://www.openauthentication.org/aboutOath
OATH Members list, Initiative for Open Authentication, 2012, http://www.openauthentication.org/members
WiKID Systems, “Key Fobs are an expensive hassle!”, https://www.wikidsystems.com/learn-more/Problem/hardwaretokens
Brian Krebs, “Sources: Target Investigating Data Breach”, Krebs On Security, 18 December 2013, http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/
Brian Krebs, “Target Hackers Broke in Via HVAC Company”, Krebs On Security, 5 February, 2014, http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
Google, “Stronger security for your Google Account”, https://www.google.com/landing/2step/
“Setting Two-Factor Authentication Login Requirements”, SalesForce Help & Training, https://help.salesforce.com/HTViewHelpDoc?id=security_require_two_factor_authentication.htm
John Leyden, “One in 200 success rate keeps phishing economy ticking over”, The Register, 7 December 2009, http://www.theregister.co.uk/2009/12/07/phishing_hit_rate/
Mike Lennon, “Dyre Malware Targeting Salesforce User Credentials”, Security Week, 8 September 2014, http://www.securityweek.com/dyre-malware-targeting-salesforce-user-credentials
“Secure Passwords? Patented One-Time Password Technologies and their Effect on Privacy”, University of Portsmouth, 3 December 2007, http://mosaic.cnfolio.com/M591CW2007C102
Olga Kharif, “EMC Losing Ground as Smartphones Displace RSA Tokens”, Bloomberg , 27 March 2013, http://www.bloomberg.com/news/2013-03-27/emc-losing-ground-as-smartphones-displace-rsa-tokens.html
Jeff Carpenter, “Did You Know: Trends in RSA SecurID® Two-Factor Authentication”, RSA Security, 10 April 2012, http://russia.emc.com/collateral/rsa/eventpresentations/04-10-12-Two-Factor_Auth.pdf
M’Raihi, et al, “OCRA: OATH Challenge-Response Algorithm”, Internet Engineering Task Force , June 2011, http://www.ietf.org/rfc/rfc6287.txt
M’Raihi et al, “HOTP: An HMAC-Based One-Time Password Algorithm”, Internet Engineering Task Force, December, 2005, http://www.ietf.org/rfc/rfc4226.txt
M’Raihi et al, “TOTP: Time-Based One-Time Password Algorithm”, Internet Engineering Task Force, May 2011, http://www.ietf.org/rfc/rfc6238.txt
Andrew Y. Lindell, “Time versus Event Based One-Time Passwords”, Aladdin Knowledge Systems Ltd., 2007, http://www3.safenet-inc.com/blog/pdf/time_vs_event_based_otp.pdf
Archie Cobbs, “How one-time passwords work and how they integrate with HTTP authentication”, mod-authn-otp Google Code Repository, 8 July 2009, https://code.google.com/p/mod-authn-otp/wiki/OneTimePasswords
Kevin Cernekee , “stoken - Software Token for Linux/UNIX”, SourceForge Wiki, 7 July 2014, http://sourceforge.net/p/stoken/wiki/Home/
Mohit Arora, “Understanding the security framework behind RSA SecurID”, Embedded, 9 November 2011, http://www.embedded.com/design/safety-and-security/4230483/Understanding-the-security-framework-behind-RSA-SecurID
TOTP Token - FortiToken-200/200CD, Fortinet, http://www.fortinet.com/products/fortitoken/password-tokens.html
DIGIPASS GO 6, VASCO, https://www.vasco.com/products/client_products/single_button_digipass/digipass_go6.aspx
GOLD OTP Authenticator with Challenge Response, SafeNet, http://www.safenet-inc.com/multi-factor-authentication/authenticators/one-time-password-otp/gold-challenge-response-token/
DIGIPASS 260, VASCO, https://www.vasco.com/products/client_products/esignature_digipass/digipass_260.aspx
OTP c300, FEITIAN, http://www.ftsafe.com/product/otp/ocra
Lucian Constantin, “Malware hijacks World of Warcraft accounts despite two-factor authentication”, Computer World, 7 January 2014, http://www.computerworld.com/article/2487408/malware-vulnerabilities/malware-hijacks-world-of-warcraft-accounts-despite-two-factor-authentication.html
Hagrin, “The PayPal Security Key”, Hargrin’s Blog, 3 March 2007, http://www.hagrin.com/273/the-paypal-security-key
PayPal Security Key, PayPal, https://www.paypal.com/us/cgi-bin?cmd=xpt/Marketing_CommandDriven/securitycenter/PayPalSecurityKey-outside
IDProve 700 Display Card, Gemalto, http://www.gemalto.com/Products/otp_display_card/index.html
Ben Popken, “Paypal’s New Security Card Fits Inside Wallet”, Consumerist, 2 August 2010, http://consumerist.com/2010/08/02/paypals-new-key-card-fits-wallet-but-doesnt-regen-every-30/
DIGIPASS® GO 215 single-button authentication and e-signing, VASCO, https://www.vasco.com/products/client_products/esignature_digipass/digipass-go-215.aspx
Lance Whitney, “RSA to replace SecurID tokens following breaches”, CNET, 7 June 2011, http://www.cnet.com/news/rsa-to-replace-securid-tokens-following-breaches/
Zeljka Zorz, “RSA admits SecurID tokens have been compromised”, Help Net Security, 7 June 2011, http://www.net-security.org/secworld.php?id=11122
Yubikey Personalization Tools, Yubico, https://www.yubico.com/products/services-software/personalization-tools/
Yubikey Hardware, Yubico, https://www.yubico.com/products/yubikey-hardware/
“The World in 2010, ICT Facts and Figures”, International Telecommunication Union, 20 October 2010, http://www.itu.int/ITU-D/ict/material/FactsFigures2010.pdf
Natasha Lomas, “Gartner: Smartphone Sales Finally Beat Out Dumb Phone Sales Globally In 2013, With 968M Units Sold”, TechCrunch, 13 February 2014 http://techcrunch.com/2014/02/13/smartphones-outsell-dumb-phones-globally/
Twilio Messaging Pricing, Twilio, https://www.twilio.com/sms/pricing
Jon Oberheide, “Early Results from X-Ray: Over 50% of Android Devices are Vulnerable”, Duo Security’s Blog, 12 September 2012, https://www.duosecurity.com/blog/early-results-from-x-ray-over-50-of-android-devices-are-vulnerable
Michael Mimoso , “Zitmo Trojan Variant Eurograbber Beats Two-Factor Authentication to Steal Millions”, Threatpost, 6 December 2012, http://threatpost.com/zitmo-trojan-variant-eurograbber-beats-two-factor-authentication-steal-millions-120612/77287
Josh Davis, “Two Factor Auth List”, Two Factor Auth, https://twofactorauth.org/
Shubham Shah, “How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others”, Shubham Shah’s Blog, 3 May 2014, https://shubh.am/how-i-bypassed-2-factor-authentication-on-google-yahoo-linkedin-and-many-others/
“Confused deputy problem”, Wikipedia, 27 June 2014, http://en.wikipedia.org/wiki/Confused_deputy_problem
Toopher, https://www.toopher.com/
“Assisted GPS”, Wikipedia, 24 September 2014, http://en.wikipedia.org/wiki/Assisted_GPS
“Apple Push Notification Service”, Apple iOS Developer Library, 31 October 2014, https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/ApplePushService.html
“Android version history”, Wikipedia, 11 November 2014, http://en.wikipedia.org/wiki/Android_version_history
Chris Hayes, “Push Notifications -- Not Just for Games Anymore”, SecureAuth, 29 September 2013, http://www.secureauth.com/blog/push-notifications/
“Multi-factor authentication”, Wikipedia, 27 October 2014, http://en.wikipedia.org/wiki/Multi-factor_authentication
“Fast and Easy: One-Tap Authentication”, Duo Security, https://www.duosecurity.com/product/user-experience/authentication
“iPhone 5S Specifications”, Apple, https://www.apple.com/iphone-5s/specs/
Rich Miller, “Biometrics in Data Centers: Palms or Eyeballs?”, Data Center Knowledge, 23 September 2008, http://www.datacenterknowledge.com/archives/2008/09/23/biometrics-in-data-centers-palms-or-eyeballs/
“Types of Biometrics”, Biometrics Institute, http://www.biometricsinstitute.org/pages/types-of-biometrics.html
iPhone 6 Touch ID, Apple, https://www.apple.com/iphone-6/touch-id/
“The integration of smart card readers into personal computers”, Smart Card Alliance, http://www.smartcardalliance.org/resources/lib/DSI_Reader_Paper.pdf
“Common Access Card (CAC)”, DoD ID Card Reference Center, http://www.cac.mil/common-access-card/
“PIV & FIPS 201 Solutions”, HID Global Corporation, http://www.hidglobal.com/government/piv
Riley Waters, “Cyber Attacks on U.S. Companies in 2014”, The Heritage Foundation, 27 October 2014, http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014
“A Healthcare CFO’s Guide to Smart Card Technology and Applications”, Smart Card Alliance, February 2009, http://www.smartcardalliance.org/resources/lib/Healthcare_CFO_Guide_to_Smart_Cards_FINAL_012809.pdf
Homeland Security Presidential Directive 12, U.S. Department of Homeland Security, 22 July 2013, http://www.dhs.gov/homeland-security-presidential-directive-12
“Federal Information Processing Standard Publication 201”, Wikipedia, 29 August 2013, http://en.wikipedia.org/wiki/FIPS_201
Stephane Ardiley , “History of the Common Access Card (CAC)”, Security Info Watch, 19 March 2012, http://www.securityinfowatch.com/article/10653434/history-of-the-common-access-card-cac
eToken PRO Smart Card SafeNetm, http://www.safenet-inc.com/multi-factor-authentication/authenticators/pki-smart-cards/etoken-pro-smart-card-security/
“Smart Card Authentication”, Centrify, http://www.centrify.com/solutions/smart-card-authentication.asp
Ronnie Manning , “Yubico Presents the First Smart Card with User Presence to Combat Super-Spy Malware”, Yubico, 25 February 2013, https://www.yubico.com/press/press-releases/yubico-presents-smart-card-user-presence-combat-super-spy-malware-2/
“PCI Data Security Standard - Requirements and Security Assessment Procedures - Version 3.0”, PCI Security Standards Council, November 2013, https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
“HIPAA Security Guidance”, Department of Health & Human Services, 28 December 2006, http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf
Diego Matute, “Role of Two-Factor Authentication in Regulatory Compliance and Industry Guidelines”, LoginTC’s Blog, 19 March 2013, https://www.logintc.com/blog/2013-03-19-role-of-two-factor-authentication-in-regulatory-compliance-and-industry-guidelines.html
Libicki et al, “Influences on the Adoption of Multifactor Authentication”, RAND Corporation, 2011, http://www.rand.org/content/dam/rand/pubs/technical_reports/2011/RAND_TR937.pdf
Thu Pham, “2014 Costs of a Data Breach by Industry”, Duo Security’s Blog, 1 December 2014, https://www.duosecurity.com/blog/2014-costs-of-a-data-breach-by-industry
G. Padmanabhan, “Credit/Debit Card transactions-Security Issues and Risk mitigation measures”, Reserve Bank of India, 18 February 2009, http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=4844&Mode=0
Vivian Yeo, “S’pore banks gear up for stronger authentication”, ZDNet, 9 May 2006, http://www.zdnet.com/article/spore-banks-gear-up-for-stronger-authentication/
Isabelle Chan, “Better authentication allays online banking fears”, ZDNet, 18 June 2007, http://www.zdnet.com/article/better-authentication-allays-online-banking-fears-2062020506/
“Understanding Two-Factor Authentication and Transaction Signing”, MoneySENSE, 16 June 2014, http://www.mas.gov.sg/moneysense/understanding-financial-products/investments/consumer-alerts/understanding-two-factor-authentication-and-transaction-signing.aspx
M V N K Prasad and S Ganesh Kumar,“Authentication factors for Internet banking”, Institute for Development and Research in Banking Technology, http://www.idrbt.ac.in/publications/workingpapers/Working%20Paper%20No.%2011.pdf
K. T. Jagannathan, ”Two-step authentication must for credit cards: RBI”, The Hindu, 23 August 2014, http://www.thehindu.com/business/Industry/twostep-authentication-must-for-credit-cards-rbi/article6345330.ece
“RBI for two-stage verification for online banking transactions”, The Economic Times, 22 April 2014, http://articles.economictimes.indiatimes.com/2014-04-22/news/49318793_1_cheque-truncation-system-authentication-transactions
Sharma et al, “Report of the Group on Enabling PKI in Payment System Applications”, Reserve Bank of India, January 2014, http://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/PKI070214FR.pdf
Chua Kim Lee, “Two-Factor Authentication for Internet Banking Monetary Authority of Singapore”, 25 November 2005, http://www.steptoe.com/assets/attachments/1969.pdf
“Singapore to adopt two-factor authentication system in 2015”, The Paypers, 1 December 2014, http://www.thepaypers.com/digital-identity-security-online-fraud/singapore-to-adopt-two-factor-authentication-system-in-2015/757581-26
Kevin Kwang, “Two-factor authentication for SingPass will be opt-in next year”, Channel NewsAsia, 27 November 2014, http://www.channelnewsasia.com/news/singapore/two-factor-authentication/1496870.html
“ESET Secure Authentication - Second factor authentication and compliance”, ESET, 6 November 2013, http://www.eset.com/fileadmin/Images/INT/Docs/Other/ESA/2FA-and-Compliance.pdf
“App Store (iOS) Wikipedia”, 1 September 2014, http://en.wikipedia.org/wiki/App_Store_(iOS)
“Google Play”, Wikipedia, 19 November 2014, http://en.wikipedia.org/wiki/Google_Play
Mark Stanislav, “PasswordsCon 2014: End-User Authentication Security on the Internet”, Duo Security’s Blog, 14 August 2014, https://www.duosecurity.com/blog/passwordscon-2014-end-user-authentication-security-on-the-internet
“Bitcoin”, Wikipedia, 27 November 2014, http://en.wikipedia.org/wiki/Bitcoin
“Anonymous (group)”, Wikipedia, 26 November 2014, http://en.wikipedia.org/wiki/Anonymous_(group)
“LulzSec hacker helps FBI stop over 300 cyber attacks”, BBC News, 26 May 2014, http://www.bbc.com/news/technology-27579765
Simon Anderson, “Security Update”, DreamHost’s Blog, 21 January 2012, http://www.dreamhost.com/dreamscape/2012/01/21/security-update/
Nicole Perlroth, “Lax Security at LinkedIn Is Laid Bare”, The New York Times, 10 June 2012, http://www.nytimes.com/2012/06/11/technology/linkedin-breach-exposes-light-security-even-at-data-companies.html
Dara Kerr, “Dropbox confirms it was hacked, offers users help”, CNET, 31 July 2012, http://www.cnet.com/news/dropbox-confirms-it-was-hacked-offers-users-help/
Dave Engberg, “Security Notice: Service-wide Password Reset”, Evernote’s Blog, 2 March 2013, http://blog.evernote.com/blog/2013/03/02/security-notice-service-wide-password-reset/
Christopher Aker, “Security incident update”, Linode’s Blog, 16 April, 2013, https://blog.linode.com/2013/04/16/security-incident-update/
Joel Gascoigne, “Buffer security breach has been resolved – here is what you need to know”, Buffer App’s Blog, 26 October 2013, https://open.bufferapp.com/buffer-has-been-hacked-here-is-whats-going-on/
Yancey Strickler, “Important Kickstarter Security Notice”, Kickstarter’s Blog, 15 February 2014, https://www.kickstarter.com/blog/important-kickstarter-security-notice
Robert Rowley, “An Article About Authentication”, DreamHost’s Blog, 3 July 2012, https://www.dreamhost.com/dreamscape/2012/07/03/an-article-about-authentication/
Vicente Silveira, “Protecting your LinkedIn Account with Two-Step Verification”, LinkedIn’s Blog, 31 May 2013, http://blog.linkedin.com/2013/05/31/protecting-your-linkedin-account-with-two-step-verification/
Dan Wheeler, “Another layer of security for your Dropbox account”, Dropbox’s Blog, 27 August 2012, https://blog.dropbox.com/2012/08/another-layer-of-security-for-your-dropbox-account/
Seth Hitchings, “Evernote’s Three New Security Features”, Evernote’s Blog, 30 May 2013, http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/
Christopher Aker, “Linode Manager Two-Step Authentication”, Linode’s Blog, 2 May 2013, https://blog.linode.com/2013/05/02/linode-manager-two-step-auth/
Belle Beth Cooper, “Introducing 2 Step Login for Buffer: The safest social media publishing on the web”, Buffer App’s Blog, 26 November 2013, https://blog.bufferapp.com/introducing-the-safest-social-media-publishing-on-the-web
Nitsuh Abebe, “New Security Features: Two-factor authentication and IP history”, Kickstarter’s Blog, 23 June 2014, https://www.kickstarter.com/blog/new-security-features-two-factor-authentication-and-ip-history
Ashley Feinberg, ‘Sony Kept Thousands of Passwords in a Folder Named “Password”’, Gizmodo, 4 December 2014, http://gizmodo.com/sony-kept-thousands-of-passwords-in-a-document-marked-1666772286
“AP Twitter hack causes panic on Wall Street and sends Dow plunging”, The Guardian, 23 April 2013, http://www.theguardian.com/business/2013/apr/23/ap-tweet-hack-wall-street-freefall
Eli Pariser, “Filter Bubble, or How Personalization is Changing the Web”, YouTube, 3 June 2010, https://www.youtube.com/watch?v=fDhsO_q7aYU
“Gartner Says 4.9 Billion Connected “Things” Will Be in Use in 2015”, Gartner, 11 November 2014, http://www.gartner.com/newsroom/id/2905717
Dan Goodin, “How mobile app weakness could let hackers track and unlock a Tesla Model S”, Ars Technica, 1 April 2014, http://arstechnica.com/security/2014/04/how-mobile-app-weakness-could-let-hackers-track-and-unlock-a-tesla-model-s/
Specifications Overview FIDO Alliance, https://fidoalliance.org/specifications
3.15.222.195