Collaborate Disseminate
Secure Ideas is currently working on a revamp and redesign of our website and client portal, to promote a better user experience for our clients. Since a lot of our infrastructure is in AWS, we started to consider Cognito for authentication. On paper i… Continue reading Cave of Broken Mirrors: 3 Issues with AWS Cognito
Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. While it’s often an important security measure, it’s not a panacea. Stuart discusses the usability and security issues that you have to think about before deploying the system…. Continue reading Good Primer on Two-Factor Authentication Security
Below you can find a version of the talk that I just gave at the European Identity Conference and at Identiverse talking about what I consider to be the missing element in Identity Management. Seems the curse that the A/V gods put on me at last years C… Continue reading Hu: The Missing Element
Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, but Andreas Gutmann points out an application where this… Continue reading Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill
Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or … Continue reading Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill
In a system where a single admin user is responsible for the creation of multiple (up to 500) user accounts, including passwords and these user accounts do not have an associated email address how would you approach the distr… Continue reading How should multiple system-generated, centrally managed passwords be distributed securely (if at all)?
Hello I have been informed that a good friend of the family really loves my wife. He has proceeded to tell us that he has used our mobile device IP address and uses bread crumbs to see where we are at within 100 feet. My wife… Continue reading Bread Crumbs is being used to stalk me and my family [on hold]
Hello I have been informed that a good friend of the family really loves my wife. He has proceeded to tell us that he has used our mobile device IP address and uses bread crumbs to see where we are at within 100 feet. My wife… Continue reading Bread Crumbs is being used to stalk me and my family [on hold]
How can one generate a password that is easy to type but does not sacrifice security? An example of a password that is easy to type but sacrifices security (I imagine) would be qwe123!@#.
For this question, we’ll use a pretty lax but stan… Continue reading How to generate easy to type passwords without sacrificing security?
Slashdot asks if password masking — replacing password characters with asterisks as you type them — is on the way out. I don’t know if that’s true, but I would be happy to see it go. Shoulder surfing, the threat is defends against, is largely nonexistent. And it is becoming harder to type in passwords on small screens and annoying… Continue reading Password Masking