Monday, September 23, 2019

Banks, Arbitrary Password Restrictions and Why They Don’t Matter

Allow me to be controversial for a moment: arbitrary password restrictions on...

Weekly Update 156

Turns out it's actually a sunny day in Oslo today, although it's...

Weekly Update 155

From the emerging spring to the impending autumn, I'm back in Oslo at the beginning of another series of European events that'll...

Weekly Update 154

How's that for a setting in this week's video? 🌴 First day of spring here...

Weekly Update 153

Australia! Sunshine, good coffee and back in the water on the tail end of "winter"....

Weekly Update 152

I made it out of Vegas! That was a rather intense 8 days and if...

Extended Validation Certificates are (Really, Really) Dead

Almost one year ago now, I declared extended validation certificates dead. The entity name had...

Weekly Update 151

Well that's Vegas done. 8 days of absolutely non-stop events that's now pretty much robbed...

Weekly Update 150

Vegas! I'm a bit late with this week's update but I thought I'd catch up...

Welcoming the Irish Government to Have I Been Pwned

Over the last year and a bit I've been working to make more data in...

Weekly Update 149

What. A. Week. I've been in San Fran meeting with a whole bunch of potential purchasers for HIBP...

Weekly Update 148

It's the last one from Norway before heading off to the US and diving into the deep...

Authentication and the Have I Been Pwned API

The very first feature I added to Have I Been Pwned after I launched it back in...

Weekly Update 147

So "Plan A" was to publish Pwned Passwords V5 on Tuesday but a last-minute check showed control...

Pwned Passwords, Version 5

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern...

Weekly Update 146

After a very non-stop Cyber Week in Israel, I'm back in Oslo working through the endless emails...

Microsoft MVP Award, Year 9

I've become especially reflective of my career this year, especially as Project Svalbard marches forward and I...

Welcoming the Austrian Government to Have I Been Pwned

Early last year, I announced that I was making HIBP data on government domains for the UK...

Weekly Update 145

Something totally new this week - Israel! I spent the week in Tel...

Weekly Update 144

So first things first - my patience for the Instamics we're wearing just reached zero. One of them recorded and one of...
SC Magazine

Ning Wang – Offensive Security

Ning Wang; CEO; Offensive Security. Why Nominated: Ning Wang is a rising star who has worked to break the boundaries in the security industry, so that people can see that anyone is capable of starting a career in cybersecurity and advancing it –...

Dani Martínez – IOActive

Dani Martínez; Security Consultant; IOActive. Why nominated: Dani Martínez proved to be a self-starter: beginning his career in IT, he soon developed an interest in cybersecurity and began taking online courses in his spare time. Martínez also dove right in and began a cybersecurity blog...

Maurice Stebila – Harman, a Samsung Company

Maurice Stebila; Digital Security, Compliance and Privacy Officer; Harman, a Samsung Company. Why nominated: Maurice Stebila has spent more than 30 years in the automotive, manufacturing and financial services industry supporting two of the world’s largest companies – EDS/General Motors and Harman by Samsung...

Ed Adams – Security Innovation

Ed Adams; President and CEO; Security Innovation. Why Nominated: A highly respected veteran of the cybersecurity industry, Security Innovation CEO Ed Adams has taken on several new leadership roles in the last year or so. Last April, he was named to the board of directors of...

David Archer – Galois

David Archer; Principal scientist; Galois. Why Nominated: Archer, an advocate for preserving privacy of data even when it’s used in decision-making both within the U.S. at all levels of government as well as internationally, directs research in privacy-preserving information technologies. Profile: David Archer is all...