We Need to Talk About NIST’s Dropped Password Management Recommendations

Passwords and their protection are among the most fundamental aspects of enterprise data security. They are also the bane of most users’ relationships with their enterprise devices, resources and assets. It seems no matter how stringent or lax your password policy is, the directive will be met with dissension from a significant portion of your staff. It’s frustrating for everyone — the IT department, C-suite and employees.

Yes, Google’s Security Key Is Hackable

Here is an article by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4.

Ever since Google told the world that none of its 85,000 employees had been successfully hacked (https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/) since they started implementing Security Keys, like Yubico’s YubiKey (https://www.yubico.com/products/yubikey-hardware/), I’ve been contacted by friends and the media about my thoughts.

4 scams that illustrate the one-way authentication problem

These scams rely on tricking consumers into believing they are interacting with a trusted vendor. Here’s how vendors can prevent the scams.

My “11 ways to hack 2FA” column a few weeks ago continues to be a popular discussion topic with readers. Most people are shocked about how easy it is to hack around two-factor (2FA) and multi-factor authentication (MFA). It isn’t hard. Sometimes it’s as easy as a regular phishing email.
