Tag: Passwords Must Die

How Not To Enhance Your Customers' Security

RSA Conference is a little too big to be manageable any more. But a quick glance at the companies showing up at the 2016 edition and at the session topics is always a good indicator of current trends. And so it is with a mix of interest and disappointment that I take in the (long) list

That Time Enabling Two-Factor Authentication Made Me Feel Worse

I’ve been an account holder at a fairly prominent online brokerage for a while now. Been using it without hiccup for years. The movement in the stock market early in the year prompted me to log in to check on a few things (I know, I know. I swear I’m not that guy). While there, I decided

The Real Lessons from the LastPass Breach

Didn’t think I’d be writing back-to-back posts regarding breaches, but that’s the world we live in now. And the LastPass breach is interesting on many levels. In warning users of the breach, LastPass disclosed that their investigation into the breach showed “that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were

2FA in Password Managers: Fair or Faux

It all started with a tweet I sent regarding the position on passwords and password managers that a member of Microsoft Research was taking in an NPR article (I’ll expand on my viewpoint in a later blog post). But one of the resulting responses I received sent me down a very interesting rabbit hole. Faux 2FA? Of course I

As Passwords Die, Are We Witnessing Revolution or Evolution?

It would be pretty funny if the next ad for Apple’s iDevices touting TouchID happened to make the point using Google Glass (“In a world, where Glassholes are everywhere – behind you in line at Starbucks, sitting next to you on the BART, even lying in bed next to you – no passcode is safe!”).

The Conundrum of 2FA meets the Enigma that is PAM

“It’s a mystery. Broken into a jigsaw puzzle. Wrapped in a conundrum. Hidden in a Chinese box. A riddle.” – The Riddler, The Long Halloween Yesterday’s hack of the AP’s Twitter account was big. Not only did the impact it had on the stock market prove Ranjeet’s thesis that Twitter is now a SOX (Sarbanes-Oxley)

The Dilemma of the OAuth Token Collector

‘Tis the season to be hacked, I guess. Twitter joined a bunch of other companies in revealing that it was the target of a sophisticated attack that may have exposed the information for about 250,000 users. While the data that was allegedly exposed, including encrypted/salted versions of passwords, was not as bad as in some

The Epic Hacking of Mat Honan and Our Identity Challenge

Wired has the kind of article that will make all of us leading highly digitized lives (is that the right term?) wake up in a cold sweat. While the title – How Apple and Amazon Security Flaws Led to My Epic Hacking – may strike many as sensationalist, the article does a good job of

Protecting Yourself While Using Cloud Services

I was recently asked to comment on the top 5 ways to protect yourself (as an individual) when using the cloud. Obviously I brought a very identity-centric slant to it, but it was an interesting exercise as I tried to put down on paper (!) the steps I take to protect myself daily. I thought

FFIEC Updates Their Guidance. And The Winner Is…

In my last post, I mentioned that the FFIEC was preparing an update to their 2005 guidance on internet banking authentication. Well, that update is out, and Anil John couldn’t wait to let me know about it (:)). The update, entitled ‘Supplement to Authentication in an Internet Banking Environment’, recognizes both the growth in online