Tag: Knowledge-Based Authentication

How Not To Enhance Your Customers Security

RSA Conference is a little too big to be manageable any more. But a quick glance at the companies showing up at the 2016 edition and at the session topics is always a good indicator of current trends. And so it is with a mix of interest and disappointment that I take in the (long) list

That Time Enabling Two-Factor Authentication Made Me Feel Worse

I’ve been an account holder at a fairly prominent online brokerage for a while now. Been using it without hiccup for years. The movement in the stock market early in the year prompted me to log in to check on a few things (I know, I know. I swear I’m not that guy). While there, I decided

What Happens When Telco’s Declare SMS ‘Unsafe’?

If you’ve been following Authentication related discussions, you know that a lot of the tactical focus is on adding additional authentication factors to the base username/password login mechanism as a way of making it more secure. This is particularly true in consumer facing applications, as brought into stark contrast by the Mat Honan hack episode.

The Challenge of Security Questions

Jackson Shaw just wrote about a website called goodsecurityquestions.com. As the name indicates, it’s a site that purports to distinguish between good and bad questions to employ when setting up for your identity re-verification challenges (for when you forget your password or need to execute a high-value transaction, for instance). The same site also (correctly)