From Mary Brown | October 21st, 2009
Many of us who work in information security have long bemoaned the shortcomings of using passwords as an authentication factor. One of the first alternatives to passwords, in the form of two-factor authentication, was the token that generates a one-time password. An interesting alternative to this token solution is an ‘out-of-band’ solution that involves pushing a password to the user's mobile phone.
Are any of you currently using these or any of the out-of-band solutions to authenticate users? Share your experiences/thoughts by posting a comment.
For more information read this white paper. Also, check out phonefactor.com and authentify.com.
Tags: authentication, information security, mobile phone, out of band, password, passwords, two factor authentication
From Dr. Steven Brown | October 8th, 2009
The latest large-scale phishing attacks not only show that people are still somewhat vulnerable to giving up personal information, they also show that we are creatures of habit. One reason why this attack was so large was that, as creatures of habit, we use the same password for multiple accounts. Once a password is figured out, all a hacker has to do is read your PC’s cookie file. Then they know the sites you’ve been on and can try logging into those sites as well. Changing/using different passwords is not difficult. There are a number of password-generating software applications that you can use to create and store your passwords in an encrypted manner.
This attack has gotten so bad that even the FBI does not bank online. Read more about the attack in the New York Times.
I don’t necessarily think you need to go this far, but there are things you can do to better protect yourself.
Tags: hacker, information security, password, personal information, phis phry, phishing, phishing attack