authentication

The difference between two-factor and two-step authentication.

No lengthy article this time folks, just a flow diagram to demonstrate the differences between two-factor authentication and two-step verification. (full size) Why isn't an OTP via SMS a 2nd factor? At first glance, the mobile phone appears to be "something we have" (one of 3 factors necessary

Roboform Security Revisited: Lies, Deception & Misnomers.

You may recall, I recently published an article entitled "How secure is Roboform: The 5 Minute Challenge". Well, 6 months have passed and although there's been no official public response from Siber Systems, they have made a number of comments to journalists and customers by email/Facebook and

Behavioral Profiling: The password you can't change.

We're all familiar with the 3 basic categories of authentication. Knowledge factors (passwords, PINs) Possession factors (a software/hardware token - Yubikey/Google Authenticator/SecureID) Inherence factors (fingerprint, heartbeat, iris/retina scanning) While the vast majority of sites use knowledge factors, a growing number are turning to multi-factor solutions in

PwnPhone: Default passwords allow covert surveillance.

A few weeks ago, I was asked to observe an installation of several wireless access points & VoIP phones, with a view to making recommendations on how best to improve security while maintaining ease of deployment. It didn't take long for several trends to appear; chief amongst which was the

Tiffin Tom: Fish, chips and a side of identity theft

Apart from leaking everything, there's been "no breech". Avoid Tiffin Tom.

Contact Me

Have a question? Want me to review a product?

Link copied to clipboard.

Success! Your account is fully activated, you now have access to all content.

Success! Your billing info is updated.

Billing info update failed.