Category: authentication
Are passwords really the best we can do?
So by now, you have seen the news stories about the doofus hackers who are breaking into Ring cameras and scaring kids. And it turns…
How authentication methods stack up
Here’s a nice resource from iDaptive’s blog on the relative merits of various common types of authentication technologies – interesting quick read.
Comcast assigned every mobile customer the same unchangeable PIN to protect against SIM hijack attacks: 0000
If someone wants to steal your phone number — say, to intercept the two-factor authentication SMSes needed to break into your bank account or other…
Even with security flaws, you should be using a password manager
Yesterday, the Washington Post ran an article about some important security research on password managers, describing a number of serious vulnerabilities in some of the…
What does your password say about you?
Using what we security experts call “crappy passwords” can be the first step in a journey to identity theft and all of its attendant miseries. …
Beware of mobile number port out scams!
I spend a lot of time telling people to use two-factor authentication on their important web accounts. This may explain why I don’t get…
Two-factor authentication on web apps should be the default
tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two-factor authentication, you are bad…
No, you don’t need to close your LastPass account…
Yesterday, at ShmooCon, security researcher Sean Cassidy announced a vulnerability in the popular LastPass password manager. He demonstrated a way that an attacker could send…
LastPass security issues found and fixed
In August of last year, a security researcher at UC Berkeley found two security vulnerabilities in LastPass while researching the security of web-based password managers….
OpenAuth/OpenID flaw – ok, now what?
It seems like the latest big security story is a newly discovered flaw in the OAuth and OpenID protocols which allow users to authenticate to third…