Category: authentication
Comcast assigned every mobile customer the same unchangeable PIN to protect against SIM hijack attacks: 0000
If someone wants to steal your phone number — say, to intercept the two-factor authentication SMSes needed to break into…
Even with security flaws, you should be using a password manager
Yesterday, the Washington Post ran an article about some important security research on password managers, describing a number of serious…
What does your password say about you?
Using what we security experts call “crappy passwords” can be the first step in a journey to identity theft and…
Beware of mobile number port out scams!
I spend a lot of time telling people to use two factor authentication on their important web accounts. This may…
Two factor authentication on web apps should be the default
tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two…
No, you don’t need to close your LastPass account…
Yesterday, at ShmooCon, security researcher Sean Cassidy announced a vulnerability in the popular LastPass password manager. He demonstrated a way…
lastpass security issues found and fixed
In August of last year, a security researcher at UC Berkeley found two security vulnerabilities in LastPass while researching the security…
OpenAuth/OpenID flaw – ok, now what?
It seems like the latest big security story is a newly discovered flaw in the OAuth and OpenID protocols which allow…
galaxy s5 fingerprint authentication and lastpass
Interesting blog post from Graham Cluley on LastPass’ support for using the Galaxy S5’s fingerprint reader as the key to…
a new, saner approach to password policies
In this article over at Ars Technica, we get the scoop on Standford University’s new password policies which vary the…