Reblog: What is 2FA and is it really secure

Reblog. Original (TechUK)

90% of security attacks start with a phishing attempt. This is because attackers want to get hold of your password. Once they have obtained this, they can become you, and access wherever you can access.

More…

Payment Services Directive

So, Tesco was hacked. Although there is no official word yet on how this happened, the chatter among people far smarter than me are suggesting the issue is related to passwords and the Tesco Club card.

Followers of CyberMatters will recognise that I often blog about password issues. Is there anything new to say on the subject I hear you ask? Yes… Continue reading “Payment Services Directive” →

We cannot let passwords die (yet)

I’m getting fed up with marketing that says “Passwords must die” only to present yet another solution that won’t replace them.

The challenge to solve is ubiquity – this is why passwords have stood the test of time, even with their obvious and proven shortcomings.

Continue reading “We cannot let passwords die (yet)” →

Why is my Password Too Long?

Dear Virgin Media

I recently decided it was time to change my password on my NTLWorld email account (managed by Virgin Media). I entered a new password only to be told “Password too long”. How long was my password? 11 characters. 10 characters are OK apparently. Continue reading “Why is my Password Too Long?” →

The Smart Home Cyber Security Manifesto

At the Smart Homes and Building Association (SH&BA) “Smart Home Breakthrough Summit” last week, a new Cyber Security Manifesto was unveiled by CONTEXT, a leading European IT market analysis company, and the SH&BA Security Panel. Continue reading “The Smart Home Cyber Security Manifesto” →

Two-Factor Authentication Phishing

I’ve not blogged on two-factor authentication for a while – the roll out among major providers is encouraging – Come on Amazon and Virgin Media, it’s about time you stepped up.

Continue reading “Two-Factor Authentication Phishing” →

Smart Card Management – Choose your process carefully

Earlier in my career I had the privilege of working for Intercede, a company supplying smart card management systems. A core capability was the ability to manage the card lifecycle and credential lifecycle (e.g., PKI certificate), as distinct from other systems that manage credentials and placed them on cards without managing the card lifecycle. A part of the sales pitch was if you don’t manage the card lifecycle in the system, you will end up with a spreadsheet to manage the cards.
Continue reading “Smart Card Management – Choose your process carefully” →

Does Two Factor Authentication Actually Weaken Security?

Readers of this blog will know that I am a strong advocate of two-factor authentication, commenting on it in various blog articles.

This article by Paul Moore caught my attention this week:
Continue reading “Does Two Factor Authentication Actually Weaken Security?” →

Independent Factors

Two-factor authentication and two-step verification are different things.
They are remarkably similar in concept, the difference being the trust model.
Continue reading “Independent Factors” →

The Day the Technology and Entertainment News Headlines Were the Same: Hackers and Nude Celebs

You will no doubt have seen by now the news that naughty photos of celebrities have appeared on the internet.

It’s the story that has everything – cyber security, the dangers of the cloud, online safety and a little bit of smut thrown in for good measure.

Continue reading “The Day the Technology and Entertainment News Headlines Were the Same: Hackers and Nude Celebs” →