Who do you trust with your identity?


This is the second in a series of articles, which started with The long goodbye to passwords. You might want to read that first, if you haven't already. Let's start with a few questions:

  1. Have you ever had your password exposed by hackers, such as was done with Adobe, Gawker, Cupid Media, Stratfor, Yahoo and Sony users?
  2. When you go to a web site to buy something, and they offer to store your credit card information, do you let them?
  3. If you answered yes to #2 above, what sites do you say yes to, and why?
  4. How many companies have direct access to your bank account, such as PayPal, another payment service, or a stock brokerage?

Have you been pwned?*

Let's start with question number one. Has a password of yours been revealed by having an account hacked? You might not even know it. Troy Hunt operated a very interesting site called ';--have i been pwned? where he has collected many of the files stolen from web sites by hackers (and subsequently released online) and made an interface where you can search by username or e-mail and see if it shows up in any of the files. Adobe itself had over…


The long goodbye to passwords


First of all, if what's written above is your password, you need to change it now. I'll wait. Okay, good, now for the rest of the article.

Why Passwords Don't Work

It's not much of a secret that passwords are not a very good way to secure information. The real problem is that when companies try to make users utilize more secure passwords, they end up making the whole system less secure. Does that seem counterintuitive? Here's a scenario. A company wants to make their corporate systems more secure. They decide that the passwords their employees are using are not secure enough, so they institute rules for passwords, which include:

  • Must be 8 characters or longer
  • Must include a lowercase letter
  • Must include an uppercase letter
  • Must include a number
  • Must include a non-letter/number character
  • Must not be the same as the previous password used
  • Must not be the same as the username, or contain the username

You've probably run across these rules before. You may not have seen all of them, but you've probably seen most of them, and probably many of them with a single system. In theory, these are all good rules. Where they lead to a less…
