Two-factor authentication is a mess (The Verge, Jul 10 2017)
For years, two-factor authentication has been the most important advice in personal cybersecurity — one that consumer tech companies were surprisingly slow to recognize. The movement seemed to coalesce in 2012, after journalist Mat Honan saw hackers …

Two-factor FAIL: Chap gets pwned after ‘AT&T falls for hacker tricks’ (The Register, Jul 12 2017)
This is getting stupid now – time to dump SMS and switch to code-generating apps or tokens…

Login-stealing phishing sites conceal their evil with lots of hyphens in URL (Ars Technica, Jun 15 2017)
Compromised domains target Android users with fake login pages for cloud services….

Rethinking Access Management: A Modern Approach for A Modern Workforce (CSO Online, Jul 12 2017)
With a more modern workforce armed with mobile devices and a work-anywhere-anytime mentality, it’s time to rethink your approach to access management. …

Dealing with NIST’s about-face on password complexity (Network World Security, Jun 27 2017)
In the last few years, we’ve been seeing some significant changes in the suggestions that security experts are making for password security. While previous guidance increasingly pushed complexity in terms of password length, the mix of characters used, controls over password reuse, and forced periodic changes, specialists have been questioning whether making passwords complex wasn’t actually working against security concerns rather than promoting them….

Is Password Masking On the Way Out? (Schneier on Security, Jul 19 2017)
Slashdot asks if password masking — replacing password characters with asterisks as you type them — is on the way out. I don’t know if that’s true, but I would be happy to see it go. Shoulder surfing, the threat it defends against, is largely nonexistent. And it is becoming harder to type in passwords on small screens and annoying…

Authentication and Anomaly Detection: 3 Ways to Identify When an Access Request Isn’t What It Seems (CSO Online, Jul 18 2017)
Anomaly detection is about recognizing risky situations involving access requests that are not legitimate, allowing you to take appropriate action. Your multi-factor authentication solution should have baseline capabilities to help you do just that….