Authentication without Passwords?

I have been warning about the weakness of the password for a number of years.  Passwords no longer provide strong security.  Passwords are too easy to crack using automated techniques, and are stored insecurely in many environments.  Most passwords are too short, or easily guessable.  Many users reuse the same password on multiple sites.  But the password remains the most popular form of authentication among most users.  Two-factor and multi-factor authentication ...

Continue Reading →
31
DEC
0

authentication, cybersecurity, passwords

, ,

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Home Routers Lack Basic Linux Security

More disconcerting news for router owners – a new assessment of 28 popular models for home users failed to find a single one with firmware that had fully enabled underlying security hardening features offered by Linux.

CITL (Cyber Independent Testing Laboratories) says it made this unexpected discovery after analysing firmware images from Asus, ...

Continue Reading →
29
DEC
0

authentication, Google, passwords, Software vulnerability, Weekend Update

, ,

What the Heck is Zero-Trust Security?

Have you ever wondered why the state of cybersecurity is so screwed up?  Why is it so easy for bad actors and cyber-criminals to hijack systems and steal information?  Would you be surprised to learn the answer is because we designed it that way?  Computers, networks, operating systems and software were designed to work together as easily as possible, and were inherently  “trusted” by each other.  In the beginning, most systems ...

Continue Reading →
12
DEC
0

authentication, Computers and Internet, cybersecurity, encryption, multi-factor authentication, passwords

,

Another Problem with MFA – Slow Adoption

Do the web sites your frequently visit offer two-factor authentication?  Have you enabled 2FA where it is available to you?  Is the particular implementation of 2FA or MFA security really adding any extra protection for you?   Not sure?  Please read on.

Password management company Dashlane recently ranked 34 of the top websites for their implementation of two-factor or multi-factor authentication options for their ...

Continue Reading →
21
NOV
0

authentication, cybersecurity, multi-factor authentication, passwords

,

Google Blazes New Trails in Authentication

Two-factor and multi-factor authentication historically have been based on using two or more of three criteria:  something you know (passwords), something you have (security token) or something you are (biometrics such as fingerprints).  There have been two new additions to MFA criteria: something you do (keyboard cadence or mouse movement), and somewhere you are (geo-location through GPS or public IP address).

Google has been busy heightening the security for it’s account holders ...

Continue Reading →
19
NOV
0

authentication, Computers and Internet, cybersecurity, Google, passwords

Better Two-Factor Security from Google Titan

This article is an amusing collision between our last two topics – the problems with two-factor and multi-factor authentication and our four-part story on Google’s data mining habits.  Google has developed and released their Titan MFA security key as a more secure way to implement multi-factor authentication that can’t be attacked through phishing and man-in-the-middle exploits.  So if you can stand ...

Continue Reading →
16
NOV
0

authentication, Computers and Internet, cybersecurity, passwords, Security, smartphones

Solving Problems with Multi-Factor Authentication

In our last post we looked at several problems you might encounter using two-factor or multi-factor authentication.  If you have two-factor authentication, or are thinking about using it, there are some additional steps you should take in case you lose your second factor and have to re-establish access.

  • How do I recover my account?  Learn this in advance of actual need.  Dig into your ...
Continue Reading →
2
NOV
0

authentication, cybersecurity, passwords

, , ,

Problems with Multi-factor Authentication

I am admittedly a huge proponent of two-factor and multi-factor authentication.  For me, TFA, 2FA, and MFA have allowed the password some badly needed extended life as a secure authentication method.  With multi-factor authentication, losing your password to an attacker is not enough for them to gain access to and compromise a system, resource, or account.

Multi-factor authentication requires a user to log into ...

Continue Reading →
31
OCT
0

authentication, cybersecurity, passwords

, , , ,

Problems with Password Manager Phone Apps

If you use a password manager app on your smartphone, it may be vulnerable to package name spoofing, which would allow the password manager’s autofill feature to enter your login credentials on a spoofed web form.  This vulnerability applies to popular apps from LastPass, Dashlane, Keeper, and 1Password.

I have been an advocate for password managers.  They are part of the solution to creating ...

Continue Reading →
15
OCT
0

cybersecurity, passwords, Phishing, Security, smartphones, Software vulnerability

Page 1 of 14 12345...»