Did we really learn anything from the Equifax data breach?

by Perry Chaffee, on Wed 20 December 2017

If a company says it "protects" your data with usernames and passwords, they basically hate you and are complicit in helping hackers steal your data (and your identity). Yes, I said it. They hate you. Human readable credentials, like those exposed with Equifax, must not continue to be used as identification for any purpose. I see it over and over - the only thing companies are telling us to do is the same thing that they were suggesting five or six years ago, and that’s to make our passwords more complex. Usernames and passwords are obsolete and we must consider them ALL compromised whether we know it yet or not. So what can you do?

Continue reading

4 ideas about securing user data in web applications

by WWPass, on Tue 21 November 2017

In the modern world, more and more applications move to the cloud, or to be more specific,to somebody else's servers. Common solutionnowdays is to make an application a web service, accessible from any modern browser. This solution has its upsides and downsides. One of the downsides is that the way your data is read, modified and stored is not under your direct control. Problems with data security, accessibility, integrity or unauthorized access may lead to huge losses for the data owner, either financial,reputational or emotional. The web service provider usually cares about the data up to the price users pay for the service, plus some reputational costs, but that's still less than the value the users have to pay when their data is lost or compromised. This can be mitigated in various ways.

Continue reading

iPhone X's facial recognition: What could go wrong? and double check that all meta information is correct?

by Perry Chaffee, on Thu 16 November 2017

The annual Apple event is possibly one of the most anticipated technology events throughout the world. This year, the company revealed its iPhone X – one of the most advanced phones on the market, but what wasn’t so great about it? The facial recognition technology, and I’m not talking about the work Apple put in to the phone to ensure a printout of your face won’t unlock the phone. Biometrics as a first authentication factor looks cool in movies, but in actuality opens up more vulnerabilities.

Continue reading

Single Sign On Solutions and How They Make You Vulnerable

by Brian Kelley, on Wed 16 August 2017

Single sign-on could be the closest thing we have to an authoritative and universal passport, both for your local device and the internet in general. But authentication that excludes intruders and also proves the user's identity is still an area that stops most SSO solutions from ever getting it completely right.

Continue reading