Posts Tagged ‘authentication’

Password Use Study – Massive Reuse of Passwords

Friday, December 9th, 2016

The only surprise here is that someone thought that a study was needed in order to prove that people reuse passwords … heck, I could have told them that without a study.

A recent password use study by the German Hasso-Plattner-Institute of roughly 1 billion user accounts concluded that 20% of users were reusing passwords. Additionally, 27% of users used password that were nearly identical with other account passwords. User accounts and passwords are still the dominating method of authentication both locally and online.

(more…)

Microsoft’s Password Recommendations

Tuesday, May 31st, 2016

Nothing too surprising here, but I think most users will appreciate the idea of getting rid of mandatory, periodic password resets.

Robyn Hicock of the Microsoft Identity Protection Team published a Password Guidance paper recently in which recommendations are made to IT administrators and users in regards to password security and management. Passwords are widely used on today’s Internet, local networks and even individual devices, and while companies have started to develop alternatives, none will replace the need for passwords for authentication in the near future.

(more…)

Researchers to Reveal Critical LastPass Issues in November 2015

Thursday, September 17th, 2015

In the end, will it turn out that writing down your passwords on the back of an old business card in your wallet is actually more secure than an online password management service?

Password managers are great as they store a virtually unlimited number of important information, accounts, passwords, credit card numbers and other sensitive data. They keep you from having to memorize unique strong passwords, or use other means to remember them such as writing them down. All the data is protected by a single master password, and, if supported, by additional means of protection such as two-factor authentication.

(more…)

LastPass Hacked – What this Means to You

Tuesday, June 16th, 2015

Could it be that simply writing down your passwords on an old 3×5 card is actually safer than an online password manager?

Online security company LastPass published an announcement yesterday on the official company blog that it detected and blocked suspicious activity on the company network. According to the information posted on the blog, the company did not find evidence that LastPass user accounts were accessed or user vault data was downloaded. The company did not mention when it first noticed the breach but some users reported that they started to receive spam to email addresses used exclusively for the password manager account on June 8th.

(more…)

Microsoft Aims to Change Authentication with Microsoft Passport

Wednesday, March 18th, 2015

The trick is to protect access from unauthorized access, while still allowing authorized users to log-in without too many hassles and complications. I’ve yet to see a commercial security/authentication strategy that can successfully accomplish both of those goals.

If you want to sign in on a web service currently you have to provide username and password to do so. This is neither convenient nor overly secure, considering that the server you communicate with has to store username and a hashed password for that. Microsoft envisions Passport to change that by allowing users to sign in to applications and web services without passwords.

(more…)

How Secure are Different Online Banking Payment Authorization Methods?

Friday, May 9th, 2014

If you use your mobile phone to access your online bank accounts, then you should probably take a quick look at this article to see how your payment authorization protocol stacks up, security-wise.

I have worked in tech support for a big German bank before I started my work as a full time blogger. Back then, the bank only supported two payment authorization methods: transaction numbers on paper or HBCI. Today with the rise of smartphones and applications, you get additional options in this regard. I’d like to provide you with an overview of popular Internet Banking payment authorization methods. Instead of just describing each method, I will also look at set up and security, as they are the two most important aspects when it comes to payment authorization.

(more…)

Improve Tumblr Security by Enabling Two-Factor Authentication

Wednesday, March 26th, 2014

Two factor authentication does provide improved security over a standard password, but I’m not sure if I’m all that crazy about giving my phone number out to companies that might end up selling that information later.

Tumblr announced today that Two-Factor Authentication is now available for all users of the site. Two-Factor Authentication adds a second layer to the log in process on websites. Instead of accessing an account on Tumblr with the account’s username and password, another code needs to be entered before access is granted. That code is generated in real-time, usually through smartphone apps, SMS or hardware devices that can generate codes on demand.

(more…)

Mozilla Makes Authentication System Persona Community Project

Friday, March 14th, 2014

Given the widespread concerns about security and privacy, I’m kind of surprised that there hasn’t been more user interest in Persona …

When Mozilla launched Persona under the name BrowserID back in 2012, it had big plans for the authentication service. The primary goal was to make the authentication process on the web safer, more private, and better to use. BrowserID was renamed to Persona in the beginning of 2013, which resulted in Personas, the lightweight theme engine of Firefox, being renamed as well to avoid confusion.

(more…)