The difference between two-factor and two-step authentication.
No lengthy article this time folks, just a flow diagram to demonstrate the differences between two-factor authentication and two-step verification. (full size) Why isn't an OTP via SMS a 2nd factor? At first glance, the mobile phone appears to be "something we have" (one of 3 factors necessary
Roboform Security Revisited: Lies, Deception & Misnomers.
You may recall, I recently published an article entitled "How secure is Roboform: The 5 Minute Challenge". Well, 6 months have passed and although there's been no official public response from Siber Systems, they have made a number of comments to journalists and customers by email/Facebook and
Behavioral Profiling: The password you can't change.
We're all familiar with the 3 basic categories of authentication. Knowledge factors (passwords, PINs) Possession factors (a software/hardware token - Yubikey/Google Authenticator/SecureID) Inherence factors (fingerprint, heartbeat, iris/retina scanning) While the vast majority of sites use knowledge factors, a growing number are turning to multi-factor solutions in
PwnPhone: Default passwords allow covert surveillance.
A few weeks ago, I was asked to observe an installation of several wireless access points & VoIP phones, with a view to making recommendations on how best to improve security while maintaining ease of deployment. It didn't take long for several trends to appear; chief amongst which was the