Category: authentication

Comcast assigned every mobile customer the same unchangeable PIN to protect against SIM hijack attacks: 0000

If someone wants to steal your phone number — say, to intercept the two-factor authentication SMSes needed to break into your bank account or other…

Even with security flaws, you should be using a password manager

Yesterday, the Washington Post ran an article about some important security research on password managers, describing a number of serious vulnerabilities in some of the…

What does your password say about you?

Using what we security experts call “crappy passwords” can be the first step in a journey to identity theft and all of its attendant miseries. …

Beware of mobile number port out scams!

I spend a lot of time telling people to use two factor authentication on their important web accounts. This may explain why I don’t get…

Two factor authentication on web apps should be the default

tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two factor authentication, you are bad…

No, you don’t need to close your LastPass account…

Yesterday, at ShmooCon, security researcher Sean Cassidy announced a vulnerability in the popular LastPass password manager. He demonstrated a way that an attacker could send…

lastpass security issues found and fixed

In August of last year, a security researcher at UC Berkeley found two security vulnerabilities in LastPass while researching the security of web based password managers….

OpenAuth/OpenID flaw – ok, now what?

It seems like the latest big security story is a newly discovered flaw in the OAuth and OpenID protocols which allow users to authenticate to third…

galaxy s5 fingerprint authentication and lastpass

Interesting blog post from Graham Cluley on LastPass’ support for using the Galaxy S5’s fingerprint reader as the key to your password vault. Since the…

a new, saner approach to password policies

In this article over at Ars Technica, we get the scoop on Stanford University’s new password policies which vary the requirements for password complexity (use…
