5 Reasons SMS Authentication is still SO common despite being so insecure

What’s going on with SMS Authentication? How come it’s still a thing!? In fact, SMS is still the most commonly used form of Multi-Factor Authentication (MFA) on the planet.

If you doubt this, think globally. Don’t be limited by your own experience, even though I bet you still receive more OTPs (One-Time Passwords) by SMS than you care to think of, no matter how many smartphone apps and Google auth accounts you have!

Posted by Phil Cuff on Mar 31, 2019 3:45:00 PM

Understand the difference between Identification and Authentication

As a follow-up to my post about the importance of the Knowledge Factor and the story on how “Cops can legally force you to unlock your phone with your face”, this article from the SMH highlights how we all need to understand the difference between identification and authentication:

Posted by Phil Cuff on Mar 12, 2019 4:06:00 PM

A password-less world would be awful!

...it's the way passwords currently work that needs to change.

There's so much talk about getting rid of passwords, like this (very good) article by George Avetisov, and how everything has to be ‘frictionless’.

Of course, inconvenience and bad user experience lead to bad security practice, but what would a ‘password-less’ world actually be like? It’s certainly not a world I’d enjoy and here’s why…

Posted by Phil Cuff on Mar 6, 2019 3:34:50 PM

The value of the 'Knowledge Factor'

Great article highlighting the value of the 'Knowledge Factor' (aka passwords and PINs).


You choose when to use your secret password or PIN to authenticate yourself - or not. And you can change it whenever you want to.

Try doing that with biometrics!

Posted by Phil Cuff on Mar 5, 2019 3:53:48 PM

Time for crypto security to grow up!

Regardless of where you stand on cryptocurrency, the security and protection of cryptocurrencies are still appallingly bad, as shown by yet another huge exchange theft.

ALL exchanges need to encourage ALL users to utilise cold wallets. 



Posted by Phil Cuff on Mar 5, 2019 3:49:14 PM

How to create better passwords

Password strength is dictated by the system the user is trying to authenticate against. People often shortcut the password policies to make the simplest password that passes the complexity requirements, not one that is secure.

As this article from the Washington Post reports, hundreds of government employees are using simple, easily brute-forceable passwords for systems: https://www.washingtonpost.com/technology/2018/08/22/western-australian-government-officials-used-password-their-password-cool-cool/

Weak passwords are often due to user frustration with systems requiring passwords to fit their policy, for example: “your password must have a capital letter and two numbers”. That makes users lazy: they find one password that will fit the complexity requirements and re-use it.

Posted by Ben Mudie on Mar 4, 2019 2:21:21 PM

Simple steps to secure e-commerce

It is always best to require that all employees use strong two-factor authentication across all systems. It’s even better to extend this to customers through a system that requires different levels of authentication based on the sensitivity of the service, providing a good balance between convenience and security.

A simple and good place to start is to require administrators and key systems to use strong two-factor authentication.

Posted by Kamil Kreiser on Mar 4, 2019 2:20:57 PM
