Archives for posts with tag: passwords

Because of the discovery of the Heartbleed bug, everyone is advised to choose a new password for all of their accounts. The question, of course, is: how do you do that? Here are a few tips based on an analysis I made earlier.


When signing in to iMessage, your phone sends the AppleID and password in the clear over a secure channel to Apple’s directory service (IDS). This shouldn’t be an issue, except that the channel is secured using TLS (which has had some issues lately, especially on iOS). As a result, it is easy to mount a man-in-the-middle attack, allowing an attacker to retrieve the password.


Even though they are insecure, passwords are still the main form of authentication available on the web. There are several reasons for this. Users are used to passwords, and trust them. Teaching them to use something new requires time and effort. If users don’t see the benefit of a new system, they will continue using passwords. Services have been using passwords for ages. Using a different method requires a significant effort (in terms of time and other resources). Moreover, authentication systems form a two-sided market with cross-side effects. This creates the chicken-egg dilemma that users will not migrate to a form of authentication that is not offered by a significant number of services, and services will not offer a new authentication method if no users use it.

The challenge is to break this vicious cycle. And UbiKiMa aims to achieve just that.


Today a colleague asked me what I thought about PwdHash. I had not heard about it, so I wondered what it was.