Blog Archives

Your passwords are bad

Choosing an effective password that’s easy to remember and type, as well as hard to guess for would-be fraudsters, is a perennial problem. But it’s one that the folks at Microsoft Research are trying to tackle with an experimental tool called Telepathwords.

Armed with an arsenal of data on common passwords and password-setting habits, the team built a tool that detects how vulnerable your password is by trying to guess the next letter as you type it.

You can visit the project site for yourself and see how predictable your own passwords are. For example, if you think a clever password would be p@$$w0rd, think again – the tool guesses it right instantly. If your password is zxserisljeerouiaer2345, on the other hand, its telepathic propensity flounders.

via The Next Web.

Using NFC, IBM brings dual-factor authentication to mobile

ZURICH, Switzerland — Banks and major Web sites often combine passwords with people’s phones to offer more secure two-factor authentication when logging onto a service with a PC. But what happens when you’re logging on using a phone?

With a new approach IBM started touting today, NFC, or near-field communications, will fill the void.

NFC wireless links can be used to let people exchange contact information by bumping phones together or to pay for products by waving a phone close to a payment terminal, but it also can be used to enable dual-factor authentication in the mobile device era, said Diego Ortiz-Yepes, a security and encryption researcher at IBM Research in Zurich.

via CNET News.

IT’s control freak security mentality is starting to unravel

The big flaw in conventional thinking on information security has been exposed now that IT is losing direct control over enterprise computing.

For years, IT has made the mistake of equating ownership with security, according to analyst firm Gartner. But with staff increasingly using their own devices and non-IT functions buying cloud services, the failings of that assumption are clear.

“It’s not about ownership and control. That worked in the past because we owned everything. We don’t own everything and we need new models for trust and trustability that do not rely on direct ownership,” VP and Gartner Fellow Neil MacDonald said.

“In fact information security was never about device lockdown, or dictating applications or building firewalls. It was always about protecting the confidentiality, the integrity, the authenticity, the availability of information. That’s our job,” he told an audience at last week’s HP enterprise security event in London.

via ZDNet.