Fiat Chrysler has suffered a widely publicised attack where hackers remotely killed a Jeep. The resolution has been to send a USB stick in the post to owners, for which they have been criticised. The criticism is in two parts.
I’ve not blogged on two-factor authentication for a while – the roll-out among major providers is encouraging – Come on Amazon and Virgin Media, it’s about time you stepped up.
Earlier in my career I had the privilege of working for Intercede, a company supplying smart card management systems. A core capability was the ability to manage the card lifecycle and credential lifecycle (e.g., PKI certificate), as distinct from other systems that manage credentials and place them on cards without managing the card lifecycle. Part of the sales pitch was that if you don’t manage the card lifecycle in the system, you will end up with a spreadsheet to manage the cards.
Continue reading “Smart Card Management – Choose your process carefully”
Readers of this blog will know that I am a strong advocate of two-factor authentication, commenting on it in various blog articles.
This article by Paul Moore caught my attention this week:
Continue reading “Does Two Factor Authentication Actually Weaken Security?”
One year on from the Heartbleed episode, we see more and more reports of passwords being stolen. Every time it happens, some commentator or vendor will come forward and say biometrics are the answer.
They are not…
When applying for various services, you have to prove your identity. A common way of doing this is to provide documentary evidence such as a recent Council Tax bill.
My recent bill from Nottingham City Council has made this a dangerous route to follow…
As I’m sure many of the readers of this blog will be aware, Cyber Essentials is a UK Government scheme encouraging organisations to adopt good practice in information security. It includes an assurance framework, and a simple set of security controls, to protect IT.
It was launched with a big fanfare in June of last year; it became mandated for certain UK Government IT contracts in October 2014; but it has seen relatively low take-up. Or at least thus far.
Continue reading “Cyber Essentials: going mainstream?”
Two-factor authentication and two-step verification are different things.
They are remarkably similar in concept, the difference being the trust model.
Continue reading “Independent Factors”
In a previous blog series, I described my fun, games and gripes at changing 40+ passwords. Soon after the blog was posted, it struck me – there are yet more to change…
Previously in this blog series, I looked at the process of changing and remembering 40+ passwords and recounted a few of the annoyances. In this final part, I document a big concern – in some cases changing my password was pointless (well, not quite but almost…)