Archive | Identity and Access Management

Two-Factor Authentication Phishing

6 Oct

I’ve not blogged on two-factor authentication for a while – the rollout among major providers is encouraging – come on Amazon and Virgin Media, it’s about time you stepped up.


Smart Card Management – Choose your process carefully

7 Jul

Earlier in my career I had the privilege of working for Intercede, a company supplying smart card management systems. A core capability was the ability to manage the card lifecycle and credential lifecycle (e.g., PKI certificate), as distinct from other systems that manage credentials and place them on cards without managing the card lifecycle. A part of the sales pitch was that if you don’t manage the card lifecycle in the system, you will end up with a spreadsheet to manage the cards.

Does Two Factor Authentication Actually Weaken Security?

11 Jun

Readers of this blog will know that I am a strong advocate of two-factor authentication, commenting on it in various blog articles.

This article by Paul Moore caught my attention this week:

Biometrics do not solve password problems

21 Apr

One year on from the Heartbleed episode, we see more and more reports of passwords being stolen. Every time it happens some commentator or vendor will come forward and say biometrics are the answer.

They are not…


Council Tax – Identity Gotcha

6 Apr

When applying for various services, you have to prove your identity. A common way of doing this is to provide documentary evidence such as a recent Council Tax bill.

My recent bill from Nottingham City council has made this a dangerous route to follow…


Cyber Essentials: going mainstream?

24 Feb

As I’m sure many of the readers of this blog will be aware, Cyber Essentials is a UK Government scheme encouraging organisations to adopt good practice in information security. It includes an assurance framework, and a simple set of security controls, to protect IT.

It was launched in a big fanfare in June of last year; it became mandated for certain UK Government IT contracts in October 2014; but it has seen relatively low take-up. Or at least thus far.

Independent Factors

3 Feb

Two-factor authentication and two-step verification are different things.
They are remarkably similar in concept, the difference being the trust model.

Changing 40+ Passwords: Supplementary

22 Jul

In a previous blog series, I described my fun, games and gripes at changing 40+ passwords. Soon after the blog was posted, it struck me – there are yet more to change…


Changing 40+ Passwords: Alarm bells

27 May

Previously in this blog series, I looked at the process of changing and remembering 40+ passwords and recounted a few of the annoyances. In this final part, I document a big concern – in some cases changing my password was pointless (well, not quite but almost…)


Changing 40+ Passwords: Annoyances

20 May

In the first part of this blog series, I looked at the process of changing and remembering 40+ passwords. In this part, I recount a few of the annoyances I uncovered…