At the Smart Homes and Building Association (SH&BA) “Smart Home Breakthrough Summit” last week, a new Cyber Security Manifesto was unveiled by CONTEXT, a leading European IT market analysis company, and the SH&BA Security Panel. Continue reading “The Smart Home Cyber Security Manifesto”
Category: Identity and Access Management
Posts related to identity and access management (IDAM), including passwords, two factor authentication, PKI and smart cards.
Cars Need a Root of Trust
Fiat Chrysler has suffered a widely publicised attack where hackers remotely killed a Jeep. The resolution has been to send a USB stick in the post to owners, for which they have been criticised. The criticism is in two parts.
Two-Factor Authentication Phishing
I’ve not blogged on two-factor authentication for a while – the roll out among major providers is encouraging – Come on Amazon and Virgin Media, it’s about time you stepped up.
Smart Card Management – Choose your process carefully
Earlier in my career I had the privilege of working for Intercede, a company supplying smart card management systems. A core capability was the ability to manage the card lifecycle and credential lifecycle (e.g., PKI certificate), as distinct from other systems that manage credentials and placed them on cards without managing the card lifecycle. A part of the sales pitch was if you don’t manage the card lifecycle in the system, you will end up with a spreadsheet to manage the cards.
Continue reading “Smart Card Management – Choose your process carefully”
Does Two Factor Authentication Actually Weaken Security?
Readers of this blog will know that I am a strong advocate of two-factor authentication, commenting on it in various blog articles.
This article by Paul Moore caught my attention this week:
Continue reading “Does Two Factor Authentication Actually Weaken Security?”
Biometrics do not solve password problems
One year on from the Heartbleed episode, we see more and more reports of passwords being stolen. Every time it happens some commentator or vendors will come forward and say biometrics are the answer.
They are not…
Continue reading “Biometrics do not solve password problems”
Council Tax – Identity Gotcha
When applying for various services, you have to prove your identity. A common way of doing this is to provide documentary evidence such as a recent Council Tax bill.
My recent bill from Nottingham City council has made this a dangerous route to follow…
Cyber Essentials: going mainstream?
As I’m sure many of the readers of this blog will be aware Cyber Essentials is a UK Government scheme encouraging organisations to adopt good practice in information security. It includes an assurance framework, and a simple set of security controls, to protect IT.
It was launched in a big fanfare in June of last year; it became mandated for certain UK Government IT contracts in October 2014; but it has seen relatively low take-up. Or at least thus far. Continue reading “Cyber Essentials: going mainstream?”
Two-factor authentication and two-step verification are different things.
They are remarkably similar in concept, the difference being the trust model.
Continue reading “Independent Factors”
Changing 40+ Passwords: Supplementary
In a previous blog series, I described my fun, games and gripes at changing 40+ passwords. Soon after the blog was posted, it struck me – there are yet more to change…