Protecting Your Professional Reputation

Controlling your professional information can mean managing the information you disclose on professional networking sites such as LinkedIn.  It can also mean protecting the client and employee information you have gathered through your employment.   It may mean securing your computer network from outside and inside attackers, or your website from compromise.  It may mean properly securing online assets such ...

Continue Reading →
0

Facebook Strengthens Password Recovery Process

As a regular reader of this blog, you are probably using a long, unique, 20 character password with two-factor authentication, and a password manager to keep it all straight.  But let’s say that you fall for a phishing scam, and give away the password to your email account.  The attacker can now use your email account to request password reset emails from your other online accounts, and you have yourself one big ...

Continue Reading →
0

Facebook Adds USB Key Two-Factor Authentication

Facebook has added USB key security to it’s two-factor authentication options.  Previously, Facebook users could add the additional security of two-factor authentication to their account by using the Facebook app to receive a six digit one-time passcode, or by having the code sent to their smart phone via SMS text message.  Facebook now supports the open-source Universal 2 Factor (U2F) standard established by the FIDO Alliance, such as the  Yubikey from Yubico.

Continue Reading →

0

The Problem With Biometric Authentication

NIST is working on new authentication standards, and there are some surprising changes coming out of this effort.  One of the issues that NIST is dealing with is the use of biometrics for authentication.  But there are problems with biometrics.  Here they are from the NIST Special Publication 800-63b.  Emphasis is mine.

“5.2.3. Use of Biometrics

For a variety of reasons, this ...

Continue Reading →
0

Passwords Are On Life Support

Passwords are not dead – not yet.  But they are on life support.  They are no longer enough to truly secure anything on their own.

I just read an sobering, eye-popping article on NetMux that discussed easy ways to crack passwords that are longer than 12 characters.

What makes this so disheartening for me is that I have been telling everyone to increase their password length ...

Continue Reading →
0

Password Policy Improvements

password2On Monday we attacked the utility of current password policies and standards.  Today we will offer up an array of improvements.

To be truly effective from a security perspective, password policies need to be designed to withstand both online and offline password cracking methods. We discussed offline methods in our post last month, so we will not do more than recap them here. ...

Continue Reading →
0

Current Password Policies Don’t Work

good-passwordMost corporate password policies are a waste off time and do not add anything extra to providing secure authentication.  Many of these policies were put in place to meet the standards of various compliance bodies (PCI-DSS, HIPAA, etc.)  But basically these policies are not keeping up with the state of the art in password cracking, as we discussed last November in our post on Continue Reading →

0

Adult Site Breach Exposes Weak Hashing

affThe site Adult Friend Finder, the “world’s largest sex and swingers site” recently exposed 412 million user credentials due to poor, or in some cases, non-existent password hashing practices. The biggest group losses were:

  • 339 million users of AdultFriendFinder.com
  • 62 million users of webcam site cams.com
  • 7.1 million users of Penthouse.com
  • 1.4 million users of stripshow.com

As we discussed last week, the reason that the Yahoo breach went unreported is ...

Continue Reading →
0

How Are Passwords Cracked?

password1The answer to this question is complicated, but not impossible to understand.  The first thing to know is that most passwords are not cracked by guessing, or trying thousands of possibilities one at a time on a typical login screen.  Most systems will lock the account after a certain small number of failed attempts, like 5 or 6. This makes the kind of password ...

Continue Reading →
1

Cybersecurity Top 10

cybersecurity_436x270As we approach year-end, many small and medium sized business owners and managers are coming to the realization that their best intentions for creating a cybersecurity program in their organization have fallen short.  This was the year, you promised yourself, that we get a handle on computer and network security.

Well it is not too late to get a start, and here is a short ...

Continue Reading →
0
Page 2 of 6 12345...»