Welcome and Introduce yourself

Hello to all, I am the Chairman of a Canadian Private company that specializes in passwordless authentication. Canada in common with many countries is facing many scams related to the theft of credentials much of this being done through the theft of passwords made easier through the habits caused by the sheer inconvenience of having to remember so many different, so called strong passwords. I have seen recently an increase in the use of one time passwords or OTPs sent in text messages. This practice has been deprecated for a number of years by NIST and others because it is relatively easy to obtain or intercept text messages. Recently we have seen in Canada a new form of crime related to number portability between different mobile providers. Basically, your phone is illegally transferred to a different carrier at the request of a well informed criminal. This person, with the use of your account and other maliciously obtained information can then make transactions with various financial institutions and this is made really easy when the second factor OTP is now visible to the criminal.


It has proven difficult for those affected by this scam to get recompense from their banks or online merchant accounts. Be careful if you receive a text asking if you are in the process of transferring to a new service provider and you are not. Make calls right away to prevent this from happening. Many mobile providers will now assist you by asking you to place additional security measures on your personal account. This can help as long as that account has not been beached. Be careful please.


This is an example of my day to day experiences, some of which I feel would be of interest to this group.


I am past chair of IET Ottawa Local Network and still active on the committee.

Hello to all, I am the Chairman of a Canadian Private company that specializes in passwordless authentication. Canada in common with many countries is facing many scams related to the theft of credentials much of this being done through the theft of passwords made easier through the habits caused by the sheer inconvenience of having to remember so many different, so called strong passwords. I have seen recently an increase in the use of one time passwords or OTPs sent in text messages. This practice has been deprecated for a number of years by NIST and others because it is relatively easy to obtain or intercept text messages. Recently we have seen in Canada a new form of crime related to number portability between different mobile providers. Basically, your phone is illegally transferred to a different carrier at the request of a well informed criminal. This person, with the use of your account and other maliciously obtained information can then make transactions with various financial institutions and this is made really easy when the second factor OTP is now visible to the criminal.


It has proven difficult for those affected by this scam to get recompense from their banks or online merchant accounts. Be careful if you receive a text asking if you are in the process of transferring to a new service provider and you are not. Make calls right away to prevent this from happening. Many mobile providers will now assist you by asking you to place additional security measures on your personal account. This can help as long as that account has not been beached. Be careful please.


This is an example of my day to day experiences, some of which I feel would be of interest to this group.


I am past chair of IET Ottawa Local Network and still active on the committee.