This is a story of frustration, confusion and so far no happy ending. It’s a chance for me to wax lyrical about some of the problems I see with modern “smart” consumer devices, but also, give a bit of insight into how things are put together. Let’s start, as many stories do, at the beginning…
[Read More]Nine things I hate about Multi-Factor Authentication
My love-hate relationship with 2FA/MFA
Multi-factor authentication (MFA) is a critical part of our defence of information systems, but it is far from perfect. I’ve made a list of list of things I dislike about it, not because I think that MFA needs to go away, but because if we can solve some of these gripes, MFA becomes even more powerful.
What is MFA? When I talk about MFA, I mean the authentication methods that tend to be used in addition to your username/password.
[Read More]
VPNs Considered Harmful
Confusion between anonymising and corporate VPNs is bad for cybersecurity
The Virtual Private Network, or VPN, has become a familiar term amongst Internet users in recent years. Yet, the secure tunnelling technology has been around much longer. So, why is it popular now, why should this be considered harmful, and what do we do about it?
Take the global Google Trends for the terms VPN, SSL and TLS, pictured below. Comparatively few people seem to care about SSL and TLS, but VPN sees growing interest, with repeated spikes.
[Read More]