Clik here to view.
Reliable 1Password backup written in Python
I’ve done a pretty deep dive comparing the features of various password managers, but one feature I didn’t cover in that analysis was backup for business customers. What commitments does the vendor...
View ArticleClik here to view.
My one indispensable infosec management tool: a simple recurring task dashboard
There is one problem that every single information security / governance / risk / compliance (GRC) organization at every company has to deal with, and that’s keeping track of all the recurring tasks...
View ArticleScripts for using Shamir’s Secret Sharing Scheme securely
The open-source package Shamir’s Secret Sharing Scheme, or “ssss” for short, allows a relatively short secret, for example, a password or passphrase, to be split into a specified number of shares in a...
View ArticleHow to protect your anonymity online when the services you use could be breached
Twitter is in the news again with another security breach in which 235 million users’ email addresses, phone numbers, and Twitter handles were exposed. These seems like a good opportunity to talk...
View ArticleWhy you should not use RegScale
You can tell a lot about the ethics and business practices of a company by their marketing practices. If they are obnoxious at marketing, they are likely to be obnoxious to deal with in general. I...
View ArticleNewly released details about the recent LastPass security incident are bad
LastPass has just released some additional details about their recent security incident in which an attacker exfiltrated users’ encrypted vaults, thereby forcing users all over the world to have to...
View ArticleLastPass still hasn’t learned the first rule of being in a hole
The first rule of being in a hole is, when you’re in a hole, stop digging. LastPass apparently hasn’t learned this. Today, LastPass sent email to all of its customers with an update about its recent...
View ArticleHow a bad password policy at Bank of America reduces security
Yesterday, I was helping my elderly uncle reset the password on his Bank of America account. My uncle, alas, uses the same password on every web site, a password which has been in so many security...
View ArticleYou should be backing up your password manager
I know we’re all having fun piling on LastPass for their most recent in a long series of missteps (“LastPass users furious after being locked out due to MFA resets”), but there’s an important lesson...
View ArticleClik here to view.
Why is PayPal still so incredibly awful?
A few days ago, I created a new PayPal account for the non-profit charitable organization I lead (I frankly didn’t want to use PayPal, for reasons which will be clear by the time you finish reading...
View Article
