Jackson Shaw just wrote about a website called goodsecurityquestions.com. As the name indicates, it’s a site that purports to distinguish between good and bad questions to employ when setting up for your identity re-verification challenges (for when you forget your password or need to execute a high-value transaction, for instance). The same site also (correctly) [...]
Posts Tagged ‘Password Management’
The Twitter Break-In: Anything to learn here?
The answer is: Plenty.
In a nutshell, here is what happened as I understand it: A hacker named Hacker Croll (who has been a pain in Twitter’s behind for a while now) was able to gain access to the Gmail accounts of various Twitter employees, including founder Evan Williams. He was then able to use the [...]
Now How Are We Supposed To Solve This?
Here is an interesting anecdote I heard yesterday (identity of person withheld for their own protection):
My tween daughter was entering some sort of online popularity contest. It involved registering yourself as a contestant online with your email address, and then verifying your entry by clicking on a link in a verification email you would receive. [...]
The changing face of Password Management
A college student was arraigned on Wednesday for allegedly breaking into Gov. Sarah Palin’s private e-mail account last month. Political leanings aside, I read the news article with great interest for the inherent security implications. Reading it, this line jumped out at me:
The F.B.I. said that the younger Mr. Kernell allegedly hacked into the account [...]
New Ideas in Password Management
In his Network World on Security newsletter this week, Dave Kearns talks about a new kind of password management product that seems to be picking up traction. Lieberman Software’s Random Password Manager offers interesting new capabilities in password management similar to Cyber-Ark’s Enterprise Password Vault (EPV). I had briefly mentioned Cyber-Ark in a blog post [...]
Talk about the need for Complex Passwords
I read this post on the Wired blogs about an ATM heist in which the culprit re-programmed the ATM to think it was dispensing dollar bills when it was actually dispensing twenties, thereby allowing the guy to clean out the ATM. How did he do the re-programming? Because he knew the Master Passcode for the [...]
How good are our passwords?
Wired News (which I read assiduously) had a pretty interesting article in their “Security Matters” section recently that talked about an analysis done of MySpace account passwords (“MySpace Passwords Aren’t So Dumb”). It makes for a pretty interesting read, so check it out. While you are at it, check out whether you have a password [...]



