After months of tweets, emails & articles from eminent figures like Troy Hunt & the NCSC, it's about time I weighed in on the debate surrounding sites which disable a user's ability to paste passwords. The general consensus amongst many experts, including those mentioned above, is that disa…
Paul MooreEver since publishing a "two factor authentication vs two step verification" article in 2014, I've been waiting for an opportunity to irrefutably demonstrate the difference. Note: This article is very much a "work in progress" as until both exploits are patched, I can't provide…
Paul MooreYou may recall, I recently published an article entitled "How secure is Roboform: The 5 Minute Challenge". Well, 6 months have passed and although there's been no official public response from Siber Systems, they have made a number of comments to journalists and customers by email/Faceboo…
Paul MooreAh, passwords. The thought of choosing, remembering and inevitably resetting them is enough to make your blood boil. As a fundamental part of our digital lives and despite several reports claiming they're dead, our dependence on them shows little sign of slowing. A password manager is a great way…
Paul MooreNo lengthy article this time folks, just a flow diagram to demonstrate the differences between two-factor authentication and two-step verification. (full size) Why isn't an OTP via SMS a 2nd factor? At first glance, the mobile phone appears to be "something we have" (one of 3 factors neces…
Paul MooreThis article flies in the face of general consensus. As you're here, you either share this view or you're questioning my sanity and/or logic. Adoption Rates Ultimately, the success of any new technology hinges on the end-user. Trouble is, 2FA isn't new... we've used it in various contexts since th…
Paul Moore