The Usual Finger Pointing
Motherboard reported on Yet Another Gaping Security Hole in using mobile phone numbers for authentication. The headline put it very succinctly: A Hacker Got All My Texts for $16. [...]
Public Key Infrastructure (PKI) authentication is the most secure and reliable way to prove online identity, but it is rarely used by consumers. There are three main obstacles to using [...]
The Center for Internet Security just updated their Password Policy Guide as a template for organizations to use as their own. The CIS announcement starts out with this seemingly [...]
Nothing says you care about our users like a deliberately misleading user interface. Today's example of a giant Fu(k Y@u comes courtesy of Condé Nast via Ars Technica and their CCPA [...]
Email addresses and usernames are used as proxies for identity when creating the userID for a service. These are intended to be anchors in the service's user table; persistent, stable, [...]
Authentication is frequently confused with Access and Identity Management. These concepts are often used interchangeably because most existing authentication schemes were designed with the hierarchical, paternalistic mindset of traditional senior [...]
USA Today featured an excellent piece underscoring the absurdity of our current acceptance of dense legal Terms of Service and Privacy Policies. @Jguynn succinctly summarizes the status quo, “I have [...]
Companies wanting to improve user security have frequently turned to 2nd Factor Authentication. Authentication is commonly viewed as confirming one of 5 factors; 2nd factor authentication simply means relying on [...]
ZDNet broke a story today about the largest list of usernames/passwords for servers, home routers and IoT devices ever published. Technically this dump is not people who signed up to [...]
Princeton University Department of Computer Science and Center for Information Technology Policy just released a draft report entitled An Empirical Study of Wireless Carrier Authentication for SIM Swaps which examines the [...]