Category: authentication

UBS takes a step towards a passwordless future

It looks like the end of the password may be coming a bit more quickly than I had expected… I received an email from UBS…

It’s official… SMS is not a security tool

UPDATE: The three major US mobile carriers have closed this particular loophole… however, it is not clear if carriers in other parts of the world…

Are passwords really the best we can do?

So by now, you have seen the news stories about the doofus hackers who are breaking into Ring cameras and scaring kids. And it turns…

How authentication methods stack up

Here’s a nice resource from iDaptive’s blog on the relative merits of various common types of authentication technologies – interesting quick read.

Comcast assigned every mobile customer the same unchangeable PIN to protect against SIM hijack attacks: 0000

If someone wants to steal your phone number — say, to intercept the two-factor authentication SMSes needed to break into your bank account or other…

Even with security flaws, you should be using a password manager

Yesterday, the Washington Post ran an article about some important security research on password managers, describing a number of serious vulnerabilities in some of the…

What does your password say about you?

Using what we security experts call “crappy passwords” can be the first step in a journey to identity theft and all of its attendant miseries. …

Beware of mobile number port out scams!

I spend a lot of time telling people to use two-factor authentication on their important web accounts. This may explain why I don’t get…

Two factor authentication on web apps should be the default

tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two-factor authentication, you are bad…

No, you don’t need to close your LastPass account…

Yesterday, at ShmooCon, security researcher Sean Cassidy announced a vulnerability in the popular LastPass password manager. He demonstrated a way that an attacker could send…
