Cyber-Security For Thee But Not For Me
How some public sector entities have great cyber-awareness training, but exempt the elected and senior staff. From Great To Good in one step.
October 2021
Minimum Viable Secure Product
A simple set of controls for a Minimum Viable Secure Product. Open source for us all to use. Implement, ask in RFP, common baseline to follow
Telnet In Canada: Why?
Telnet. 40 years old, not fit for purpose. Alive and well in Canada. No amount of mitigation or multi-factor authentication makes it OK.
Multi-Factor Authentication And The Supply Chain
A high(ish) profile nodejs library is compromised. No multi-factor authentication used by developer. The ripples are far and wide. Including you!
The Personal Verification Question: Password’s Dumb Cousin
The personal verification question. The dumb, slow cousin of the password. Stored in plaintext, findable in social media. Not multi-factor auth
Syniverse Hack, Multi-Factor Authentication, Who Cares? You Should!
This article discusses SMS as a second factor for multi-factor authentication in context with the Syniverse hack.
I AM. I HAVE. I KNOW. Multi-Factor Authentication
I AM. I HAVE. I KNOW. The trifecta of simple and secure. Why does it improve security so much? Because the factors are not correlated. Use at least 2.