Mitigating Credential-Stealing Malware with Two-Factor Authentication
Learn how you can mitigate credential-stealing malware and protect yourself from all kinds of information security threats.
Password Palpitations — The Ongoing Threat of LM Hashing
How do we protect sensitive information from prying eyes on our computers and networks? The simple answer is to deploy controls to monitor and restrict the transfer or viewing of sensitive data on those shared resources.
Why 2 Factor Authentication Hinges on the User Experience
With Twitter’s recent move to “push” and public-key cryptography, we and many others were glad to see them move away from SMS-only 2 factor authentication. Not only did they add better security, but they are also providing their users with a much more appealing experience.
Beyond the Vulnerabilities of the Application Specific Password: Exploiting Google Chrome’s OAuth2 Tokens
Earlier this year, we wrote about how any Google Application Specific Password (ASP) could be used to bypass 2-Step Verification. Although Google issued a fix to prevent account compromise, your ASPs can still be used to do almost anything else with your Google account.
Penetration Testing and Two Factor Authentication
> In the world of security assessments, penetration testing often stands out as "the service I need to have done" when businesses are desiring to seek out a third-party evaluation of their security posture. However, there can be a large gap between the reality of penetration testing versus what a company actually needs to have done.