Posted in authentication online security social engineering worst practices

Comcast assigned every mobile customer the same unchangeable PIN to protect against SIM hijack attacks: 0000

If someone wants to steal your phone number — say, to intercept the two-factor authentication SMSes needed to break into…

Posted in authentication best practices online security useful stuff

Even with security flaws, you should be using a password manager

Yesterday, the Washington Post ran an article about some important security research on password managers, describing a number of serious…

Posted in authentication best practices online security useful stuff

What does your password say about you?

Using what we security experts call “crappy passwords” can be the first step in a journey to identity theft and…

Posted in authentication cloud computing hacks online security

Beware of mobile number port out scams!

I spend a lot of time telling people to use two factor authentication on their important web accounts.  This may…

Posted in authentication CSO online security worst practices

Two factor authentication on web apps should be the default

tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two…

Posted in authentication hacks privacy risk useful stuff

No, you don’t need to close your LastPass account…

Yesterday, at ShmooCon, security researcher Sean Cassidy announced a vulnerability in the popular LastPass password manager.  He demonstrated a way…

Posted in authentication cloud computing

lastpass security issues found and fixed

In August of last year, a security researcher at UC Berkeley found two security vulnerabilities in LastPass while researching the security…

Posted in authentication awareness online security systemic risk

OpenAuth/OpenID flaw – ok, now what?

It seems like the latest big security story is a newly discovered flaw in the OAuth and OpenID protocols which allow…

Posted in authentication deep thoughts online security risk useful stuff

galaxy s5 fingerprint authentication and lastpass

Interesting blog post from Graham Cluley on LastPass’ support for using the Galaxy S5’s fingerprint reader as the key to…

Posted in authentication best practices

a new, saner approach to password policies

In this article over at Ars Technica, we get the scoop on Stanford University’s new password policies which vary the…