Security/Privacy

Beyond Passwords

I've written, spoken, and taught about password management in the past. I continue to believe that password-centric authentication systems are limited in their ability to provide much assurance about a person's claim on a given digital identity. Any information system requiring more than a basic level of assurance must use stronger multi-factor authentication mechanisms that incorporate things like one-time passwords and biometrics.

Personae

A persona can be defined as a social role, a mask that a person presents to the world. In a federated identity environment, should a person be allowed to have multiple personas or just one?

Personae Everywhere

Steve the Christian. Steve the son. Steve the brother. Steve the husband. Steve the father. Steve the Software Architect. Steve the martial artist. Steve the missionary. In the real world we have many different facets, personae if you will.

Why I don't become a fan of pages for generic things and concepts on Facebook

The "page" feature of Facebook is designed to provide a way for people to become fans of people, organizations, bands, etc. These fan pages are available to people who do not have Facebook accounts and administrators of fan pages have the ability to send updates to fans. Anyone with a Facebook account can create a fan page about anything, even things for which they are not the authority.

Personal Password Management

In this video, Software Architect Steve Moitozo addresses the issue of personal password management. For links to resources mentioned and a previous blog on this topic, refer to Password Management. See the post Personal Password Management Survey to see the questions and the response numbers.

Personal Password Management Survey

My next computer security video will cover personal password management. In anticipation of that I decided to do an anonymous survey to see how folks manage their passwords. I don't claim that it's statistically accurate or that it reveals anything conclusive. It's a sampling of people from Facebook, Twitter, and work.

49 people from all over the place took the survey.

-----
When asked to rate themselves on their management of passwords:
6% said less than OK
49% said OK
45% said better than OK

-----
When asked about their approach to using passwords:
57% said they use a different password for each class of service (one for commerce, one for banking, one for social services, etc.).
24% said they use a unique password for each service.
19% said they use the same password for everything.

The problem with security questions

In this video, Software Architect Steve Moitozo addresses the problem of providing secure answers to "security questions" on Web sites. He's written about this issue in the past in Death to the Secret Question and thought it would be helpful to address it here in video form.

Gaming Social Networks

Brad Ward's post shows how easy it can be to game a social network. I suspect this kind of gaming is already going on in various other types of groups within social networks like Facebook and MySpace.