Two-factor authentication Archives

Home » Two-factor authentication

Five things security experts do vs. five things non-experts do

Dave Farquhar security August 2, 2015December 5, 2015antivirus, breach, malware, passwords, Two-factor authentication

There was a fair bit of talk last week about a study that compared security advice from security experts versus security advice from people who are at least somewhat interested but don’t live and breathe this stuff.

There were significant differences in the answers, and a lot of security professionals panned the non-expert advice. I don’t think the non-expert advice was necessarily bad. Mostly it was out of date.

Dave Farquhar

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.

dfarq.homeip.net

What I would have done to secure the Astros’ database

Dave Farquhar Baseball, security June 18, 2015August 12, 2018breach, Korea, Major League, Major League Baseball, SQL, Two-factor authentication

The now-infamous breached Houston Astros database sounds like a classic case of what security professionals call Shadow IT: a project that the business needs, done without adequate involvement from security and, most likely, from the IT department as well.

These kinds of things happen a lot. A go-getter implements it, cutting through red tape to get a useful project done in record time, and it’s great until something goes wrong.

In this case, “wrong” meant a competitor got into the database and stole trade secrets.

Dave Farquhar

dfarq.homeip.net

Beyond compliance: Maturity models

Dave Farquhar security January 2, 2014December 22, 2013Advance Auto Parts, CVS, KIM, passwords, Phoenix Project, Regulatory compliance, Two-factor authentication

A lot of organizations equate security with regulatory compliance–they figure out what the law requires them to do, then do precisely that.

Forward-thinking organizations don’t. They see security as a way to get and maintain a competitive advantage, and rather than measure themselves against regulations that are often nearly out of date by the time they’re approved, they measure themselves against a maturity model, which compares their practices with similar companies in similar lines of work so they can see how they measure up. Read more

Dave Farquhar

dfarq.homeip.net

You need a Yubikey.

Dave Farquhar security November 14, 2013February 11, 2025computer security, lowercase letters, marx, password database, password strength, passwords, Two-factor authentication, usb port, yahoo

I mentioned the Yubikey as the ultimate solution stolen passwords on the excellent Yahoo Marx Train forum, and another member asked me to elaborate on it. Rather than take up a lot of space with some off-topic discussion, I decided it would be better to write about it here.

The Yubikey is a great idea, but I have reasons for using something else. I am a computer security professional by trade, but I will try to avoid as much techno-jargon as I can, and explain what I do use.

Dave Farquhar

dfarq.homeip.net

New security features for Evernote

Dave Farquhar security June 2, 2013June 2, 2013Two-factor authentication

This comes courtesy of Dan Bowman: If you’re an Evernote user (I’m not, at least not yet), it now has three new security features, including the all-important two-factor authentication. Those of you who rely on Evernote would do well to look into enabling two-factor authentication, at the very least.

Dave Farquhar

dfarq.homeip.net

Beware of unexpected links in e-mail messages

Dave Farquhar security February 5, 2013November 30, 2018spam, Two-factor authentication, yahoo

Hackers are stealing Yahoo accounts by sending messages containing malicious web page links.

The message looks like a link to a web page on MSNBC. But if an unsuspecting user clicks on it, it redirects to another page that steals the e-mail account, allowing the hacker to use the account to send spam, or grab the account’s contact list.

The gory details are here.
Read more

Dave Farquhar

dfarq.homeip.net

Workable two-factor authentication

Dave Farquhar security November 30, 2012AT&T, Fraud, internet providers, passwords, real estate, Two-factor authentication, vector, yahoo

I’m several months late to this party, but I just saw Marcel’s post on Google’s two-factor authentication with a smartphone.

He’s right. It works until someone steals your phone. Once someone steals your phone, you’re in a world of hurt. It’s just a compromise, until we find a way to do two-factor authentication the right way.

The right way is with a smartcard, issued by some sort of central authority. Read more

Dave Farquhar

dfarq.homeip.net

Don’t let what happened to Mat Honan happen to you

Dave Farquhar security August 9, 2012AES, classmate, IDS, Microsoft Office, passwords, spam, Two-factor authentication

Technology journalist Mat Honan infamously had his entire digital life hacked and erased this week. Slate published some advice to keep the same from happening to you, and my former classmate and newspaper staff mate Theo Hahn asked me to comment.

Dave Farquhar

dfarq.homeip.net

Don’t use Password1 as your password

Dave Farquhar security March 2, 2012passwords, Two-factor authentication

CNN reported yesterday that Password1 is the most common password in business environments. It’s the simplest password that meets common “complexity” requirements. It illustrates the problem with complexity requirements–a password can meet those requirements while still being extremely predictable.

As such, those passwords can be easy to guess, and they cast doubt on the entire idea of complexity.

Dave Farquhar

dfarq.homeip.net