So, Tesco was hacked. Although there is no official word yet on how this happened, the chatter among people far smarter than me are suggesting the issue is related to passwords and the Tesco Club card.
I’m getting fed up with marketing that says “Passwords must die” only to present yet another solution that won’t replace them.
The challenge to solve is ubiquity – this is why passwords have stood the test of time, even with their obvious and proven shortcomings.
Dear Virgin Media
I recently decided it was time to change my password on my NTLWorld email account (managed by Virgin Media). I entered a new password only to be told “Password too long”. How long was my password? 11 characters. 10 characters are OK apparently. Continue reading
At the Smart Homes and Building Association (SH&BA) “Smart Home Breakthrough Summit” last week, a new Cyber Security Manifesto was unveiled by CONTEXT, a leading European IT market analysis company, and the SH&BA Security Panel. Continue reading
Earlier in my career I had the privilege of working for Intercede, a company supplying smart card management systems. A core capability was the ability to manage the card lifecycle and credential lifecycle (e.g., PKI certificate), as distinct from other systems that manage credentials and placed them on cards without managing the card lifecycle. A part of the sales pitch was if you don’t manage the card lifecycle in the system, you will end up with a spreadsheet to manage the cards.
Two-factor authentication and two-step verification are different things.
They are remarkably similar in concept, the difference being the trust model.