The practical digital library updated

A few years ago I moved my private library to the cloud. It uses Calibre to catalog my books, and the Open Publication Distribution System (OPDS) to provide an Internet-capable catalog. OPDS is built in to a lot of publisher-independent e-reader softwa… Continue reading The practical digital library updated

Good Primer on Two-Factor Authentication Security

Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. While it’s often an important security measure, it’s not a panacea. Stuart discusses the usability and security issues that you have to think about before deploying the system…. Continue reading Good Primer on Two-Factor Authentication Security

Hu: The Missing Element

Below you can find a version of the talk that I just gave at the European Identity Conference and at Identiverse talking about what I consider to be the missing element in Identity Management. Seems the curse that the A/V gods put on me at last years C… Continue reading Hu: The Missing Element

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, but Andreas Gutmann points out an application where this… Continue reading Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or … Continue reading Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

How should multiple system-generated, centrally managed passwords be distributed securely (if at all)?

In a system where a single admin user is responsible for the creation of multiple (up to 500) user accounts, including passwords and these user accounts do not have an associated email address how would you approach the distr… Continue reading How should multiple system-generated, centrally managed passwords be distributed securely (if at all)?