A password-less world would be awful!

...it's the way passwords currently work that needs to change.

There's so much talk about getting rid of passwords, like this (very good) article by George Avetisov, and how everything has to be ‘frictionless’.

Of course, inconvenience and bad user experience lead to bad security practice, but what would a ‘password-less’ world actually be like? It’s certainly not a world I’d enjoy and here’s why…

Posted by Phil Cuff on Mar 6, 2019 3:34:50 PM

The value of the 'Knowledge Factor'

Great article highlighting the value of the 'Knowledge Factor' (aka passwords and PINs).

https://www.wired.com/story/police-unlock-iphone-face-id-legal-rights/amp

You choose when to use your secret password or PIN to authenticate yourself - or not. And you can change it whenever you want to.

Try doing that with biometrics!

Posted by Phil Cuff on Mar 5, 2019 3:53:48 PM

Time for crypto security to grow up!

Regardless of where you stand on cryptocurrency, the security and protection of cryptocurrencies is still appallingly bad, as shown by yet another huge exchange theft.

ALL exchanges need to encourage ALL users to utilise cold wallets.

https://www.wired.com/story/police-unlock-iphone-face-id-legal-rights/amp

Posted by Phil Cuff on Mar 5, 2019 3:49:14 PM

How to create better passwords

Password strength is dictated by the system the user is trying to authenticate against. People often shortcut the password policies to make the simplest password that passes the complexity requirements, not one that is secure.

In this article from the Washington Post, hundreds of government employees are using simple, easily brute-forceable passwords for systems: https://www.washingtonpost.com/technology/2018/08/22/western-australian-government-officials-used-password-their-password-cool-cool/

Weak passwords are often due to user frustration with systems requiring passwords to fit their policy, i.e. “your password must have a capital letter and two numbers”, and that makes users lazy: they find one password that will fit the complexity and re-use it.

Posted by Ben Mudie on Mar 4, 2019 2:21:21 PM

Simple steps to secure e-commerce

It is always best to require that all employees use strong two-factor authentication across all systems. It’s even better to extend this to customers through a system that requires different levels of authentication based on the sensitivity of the service – providing a good balance between convenience and security.

A simple and good place to start is to require administrators and key systems to use strong two-factor authentication.

Posted by Kamil Kreiser on Mar 4, 2019 2:20:57 PM