With so many people at home, there seem to be a large number of Facebook quizzes and challenges that ask you to share personal information with friends. Some of them are fun, but what usually follows is a meme saying to stop sharing your personal […]
Category: Security
Chase does it (mostly) right
I got an email from Chase this morning that my password there was compromised, but I don’t see any current news about it. They did have a data breach in 2014, but I’ve changed my password at least once since then. Going directly to the […]
Bad Password Rules
There simply is no legitimate reason to limit the special characters one can use in a password, as the site in the image for this post is doing. The reason this was done in the past was because of the risk of SQL injection. However, […]
Security Keys
One of the newer options for multi-factor authentication is using a security key, like the YubiKeys in the picture for this post. While not widely supported yet, many of the big tech companies – Google, Facebook and Dropbox, to list a few examples – do […]
Your Disney+ Account Was Not Hacked
There has been a lot of inaccurate information about Disney+ accounts getting hacked. Some of it was early reporting (before Disney had responded and before much was known about what was happening) and some of it is just lazy reporting. It is pretty clear now, […]
No one is giving away free stuff on Facebook*
There are several of these making the rounds yet again. In just the last week I have seen ones for Bud Light, Coors and Costco. There have probably been others. The problem is, the vast majority of these are phishing (or more specifically, clickjacking) scams. […]
Two-Factor Authentication (2FA)
Password rules suck (or worse). But what is the solution? Two-factor (or multi-factor) authentication. In other words, combining something you know (your password) with something you have (phone, 2FA key, biometrics, etc.). A common way a lot of sites do this is sending a text […]
Securing My Site: First Steps
As mentioned in my introduction, I recently changed positions at work, and I am now heading our newly created secure coding team. I’ve always had a strong interest in making sure our applications were as secure as possible, and in the early days at my […]