Tag: Password Management

The Epic Hacking of Mat Honan and Our Identity Challenge

Wired has the kind of article that will make all of us leading highly digitized lives (is that the right term?) wake up in a cold sweat. While the title – How Apple and Amazon Security Flaws Led to My Epic Hacking – may strike many as sensationalist, the article does a good job of

Protecting Yourself While Using Cloud Services

I was recently asked to comment on the top 5 ways to protect yourself (as an individual) when using the cloud. Obviously I brought a very identity-centric slant to it, but it was an interesting exercise as I tried to put down on paper (!) the steps I take to protect myself daily. I thought

Cardspace and the KISS Principle

(My original title for this post was “Cardspace, We Hardly Knew Thee”, but Dave Kearns stole that by a nose). RSA is not the best conference for identity related news and topics, but there were more than a few interesting story lines that emerged last week (and no, I am not referring to what went

The Challenge of Security Questions

Jackson Shaw just wrote about a website called goodsecurityquestions.com. As the name indicates, it’s a site that purports to distinguish between good and bad questions to employ when setting up for your identity re-verification challenges (for when you forget your password or need to execute a high-value transaction, for instance). The same site also (correctly)

The Twitter Break-In: Anything to learn here?

The answer is: Plenty. In a nutshell, here is what happened as I understand it: A hacker named Hacker Croll (who has been a pain in Twitter’s behind for a while now) was able to gain access to the Gmail accounts of various twitter employees, including founder Evan Williams. He was then able to use

Now How Are We Supposed To Solve This?

Here is an interesting anecdote I heard yesterday (identity of person withheld for their own protection): My tween daughter was entering some sort of online popularity contest. It involved registering yourself as a contestant online with your email address, and then verifying your entry by clicking on a link in a verification email you would

The changing face of Password Management

A college student was arraigned on Wednesday for allegedly breaking into Gov. Sarah Palin’s private e-mail account last month. Political leanings aside, I  read the news article with great interest for the inherent security implications. Reading it, this line jumped out at me: The F.B.I. said that the younger Mr. Kernell allegedly hacked into the

New Ideas in Password Management

In his Network World on Security newsletter this week, Dave Kearns talks about a new kind of password management product that seems to be picking up traction. Lieberman Software’s Random Password Manager offers interesting new capabilities in password management similar to Cyber-Ark’s Enterprise Password Vault (EPV). I had briefly mentioned Cyber-Ark in a blog post

Talk about the need for Complex Passwords

I read this post on the Wired blogs about an ATM heist in which the culprit re-programmed the ATM to think it was dispensing dollar bills when it was actually dispensing twenties, thereby allowing the guy to clean out the ATM. How did he do the re-programming? Because he knew the Master Passcode for the

How good are our passwords?

Wired News (which I read assiduously) had a pretty interesting article in their “Security Matters” section recently that talked about an analysis done of MySpace account passwords (“MySpace Passwords Aren’t So Dumb“). It makes for a pretty interesting read, so check it out. While you are at it, check out whether you have a password