passwords, Security technology, Uncategorized, usability
Matt Burgess tries to only use passkeys. The results are mixed. Powered by WPeMatico
Category: usability
Auto Added by WPeMatico
apple, cybersecurity, ios, Security technology, Uncategorized, usability, vulnerabilities
I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it: Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most … Read More “Apple’s Lockdown Mode” »
academic papers, operating systems, security engineering, Security technology, steganography, Uncategorized, usability, vulnerabilities
Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about. From Ross Anderson’s blog: We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see … Read More “Hiding Vulnerabilities in Source Code” »
academicpapers, authentication, cellphones, fraud, Security technology, simcards, smartphones, usability
SIM hijacking — or SIM swapping — is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. … Read More “SIM Hijacking” »
computersecurity, riskassessment, risks, Security technology, securityawareness, securityeducation, socialmedia, twofactorauthentication, usability, voting
Really interesting first-hand experience from Maciej Cegłowski. Powered by WPeMatico
authentication, Security technology, twofactorauthentication, usability
Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. While it’s often an important security measure, it’s not a panacea. Stuart discusses the usability and security issues that you have to think about before deploying the system. Powered by WPeMatico
apple, authentication, banking, ios, Security technology, sms, twofactorauthentication, usability
Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, but Andreas Gutmann points … Read More “Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill” »
internetofthings, passwords, Security technology, usability
Slashdot asks if password masking — replacing password characters with asterisks as you type them — is on the way out. I don’t know if that’s true, but I would be happy to see it go. Shoulder surfing, the threat is defends against, is largely nonexistent. And it is becoming harder to type in passwords … Read More “Password Masking” »
backdoors, encryption, facebook, Security technology, signal, usability, vulnerabilities, whatsapp
Back in March, Rolf Weber wrote about a potential vulnerability in the WhatsApp protocol that would allow Facebook to defeat perfect forward secrecy by forcibly change users’ keys, allowing it — or more likely, the government — to eavesdrop on encrypted messages. It seems that this vulnerability is real: WhatsApp has the ability to force … Read More “WhatsApp Security Vulnerability” »
email, encryption, pgp, Security technology, usability
A few days ago, I blogged an excellent essay by Filippo Valsorda on why he’s giving up on PGP. Neal Walkfield wrote a good rebuttal. I am on Valsorda’s side. I don’t like PGP, and I use it as little as possible. If I want to communicate securely with someone, I use Signal. Powered by … Read More “The Pro-PGP Position” »