Category: authentication
Comcast assigned every mobile customer the same unchangeable PIN to protect against SIM hijack attacks: 0000
If someone wants to steal your phone number — say, to intercept the two-factor authentication SMSes needed to break into your bank account or other…
Even with security flaws, you should be using a password manager
Yesterday, the Washington Post ran an article about some important security research on password managers, describing a number of serious vulnerabilities in some of the…
What does your password say about you?
Using what we security experts call “crappy passwords” can be the first step in a journey to identity theft and all of its attendant miseries. …
Beware of mobile number port out scams!
I spend a lot of time telling people to use two factor authentication on their important web accounts. This may explain why I don’t get…
Two factor authentication on web apps should be the default
tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two factor authentication, you are bad…
No, you don’t need to close your LastPass account…
Yesterday, at ShmooCon, security researcher Sean Cassidy announced a vulnerability in the popular LastPass password manager. He demonstrated a way that an attacker could send…
lastpass security issues found and fixed
In August of last year, a security researcher at UC Berkeley found two security vulnerabilities in LastPass while researching the security of web based password managers….
OpenAuth/OpenID flaw – ok, now what?
It seems like the latest big security story is a newly discovered flaw in the OAuth and OpenID protocols which allow users to authenticate to third…
galaxy s5 fingerprint authentication and lastpass
Interesting blog post from Graham Cluley on LastPass’ support for using the Galaxy S5’s fingerprint reader as the key to your password vault. Since the…
a new, saner approach to password policies
In this article over at Ars Technica, we get the scoop on Standford University’s new password policies which vary the requirements for password complexity (use…
