Tales from the Crypto

Alun Jones (Security MVP Reconnect) writes about security, cryptography, SSL, PKI, and pretty much anything else that bothers him enough.

Archive for December, 2016

December 30, 2016

Security Questions are Bullshit

I’m pretty much unhappy with the use of “Security Questions” – things like “what’s your mother’s maiden name”, or “what was your first pet”. These questions are sometimes used to strengthen an existing authentication control (e.g. “you’ve entered your password on a device that wasn’t recognised, from a country you normally don’t visit – […]

December 4, 2016

How to do password reset

Filed under: General Security, Programmer Hubris @ 9:04 am

First, a quick recap: Credentials include a Claim and a Proof (possibly many). The Claim is what states one or more facts about your identity. A Username is one example of a Claim. So is Group Membership, Age, Eye Colour, Operating System, Installed Software, etc… The Proof is what allows someone to reliably trust the […]
