Did we really learn anything from the Equifax data breach?

by Perry Chaffee, on Wed 20 December 2017

If a company says it "protects" your data with usernames and passwords, they basically hate you and are complicit in helping hackers steal your data (and your identity). Yes, I said it. They hate you. Human-readable credentials, like those exposed with Equifax, must not continue to be used as identification for any purpose. I see it over and over - the only thing companies are telling us to do is the same thing that they were suggesting five or six years ago, and that’s to make our passwords more complex. Usernames and passwords are obsolete and we must consider them ALL compromised whether we know it yet or not. So what can you do?


4 ideas about securing user data in web applications

by WWPass, on Tue 21 November 2017

In the modern world, more and more applications move to the cloud, or to be more specific, to somebody else's servers. A common solution nowadays is to make an application a web service, accessible from any modern browser. This solution has its upsides and downsides. One of the downsides is that the way your data is read, modified and stored is not under your direct control. Problems with data security, accessibility, integrity or unauthorized access may lead to huge losses for the data owner, either financial, reputational or emotional. The web service provider usually cares about the data up to the price users pay for the service, plus some reputational costs, but that's still less than the value the users have to pay when their data is lost or compromised. This can be mitigated in various ways.


iPhone X's facial recognition: What could go wrong?

by Perry Chaffee, on Thu 16 November 2017

The annual Apple event is possibly one of the most anticipated technology events throughout the world. This year, the company revealed its iPhone X – one of the most advanced phones on the market, but what wasn’t so great about it? The facial recognition technology, and I’m not talking about the work Apple put into the phone to ensure a printout of your face won’t unlock the phone. Biometrics as a first authentication factor looks cool in movies, but in actuality opens up more vulnerabilities.


Single Sign On Solutions and How They Make You Vulnerable

by Brian Kelley, on Wed 16 August 2017

Single sign-on could be the closest thing we have to an authoritative and universal passport, both for your local device and the internet in general. But authentication that excludes intruders and also proves the user's identity is still an area that stops most SSO solutions from ever getting it completely right.
