World Password Day is today. It started as a sort of Valentine’s Day (i.e., a completely made-up day) to remind everyone to pay extra close attention to log-ins so as not to fall prey to bad actors. Nowadays, the day just seems like more of a reminder of how hackable we all are.
Below are the thoughts of some industry experts on World Password Day:
Ted Miracco, CEO, Approov
https://www.linkedin.com/in/tedmiracco
“Despite the availability of more secure methods, too many systems still rely solely on passwords for protection. This makes them vulnerable to textbook attacks such as phishing, keylogging, and credential stuffing. Combining mobile attestation with token-based API access presents a more robust and user-friendly alternative to traditional password-based authentication, particularly in mobile environments. By shifting the security focus from something the user knows (password) to something the user has (a secure device) and something the user can access (a token), the security model becomes inherently multi-factor, without the added friction typically associated with 2FA methods. This approach effectively addresses both security and usability, which are critical for mobile device interactions and the protection of sensitive data in mobile applications.”
Craig Harber, Security Evangelist: Open Systems
https://www.linkedin.com/in/craig-harber-531883188/
“Strong passwords are essential but cannot be a standalone defense mechanism to deter threat actors. The optimal length for a password depends on various factors, but security experts generally agree that a longer password is more secure. However, if the passwords are too long and too complex, users will write them down, defeating the purpose. Strong passwords must be paired with Multi-Factor Authentication (MFA) to provide a significant hurdle to stop threat actors.
“So, as we celebrate another World Password Day, it’s important to remember that without a unique, random, and complex password acting as the first line of defense, the additional protection of MFA is weakened.”
Albert Martinek, cyber threat intelligence analyst, Horizon3.ai
https://www.linkedin.com/in/albert-martinek-6267aa227/
“As the trend remains from last year, cyber threat actors don’t typically use sophisticated hacking tools and techniques like zero-day exploits to gain access to a network; they simply log in with legitimate user credentials. Once they gain initial access, threat actors then appear as legitimate users and can move laterally within a network to gain further access and establish persistence, steal sensitive data, bring down systems, and/or hold the organization hostage through ransomware.
“To help harden organizational systems and networks, as well as your personal accounts, implementing strong password policies is key. This includes sophistication and length requirements as described in the latest recommendations from NIST Special Publication 800-63B to include: 12 characters or more; no passwords matching the list of known breached passwords; no passwords derived from dictionary terms, contextual terms (company name, products name, etc.), or user information (first name, username, DOB, etc.); and uniqueness.”
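One way the policy rules listed in the quote above could be checked when a password is set, as an added example that is not part of the original post or taken from NIST. The word lists, the company and user names, the substitution map and the function names are constructed assumptions, and the uniqueness rule is not covered.

```python
import re

MIN_LENGTH = 12
# Constructed sample; a real deployment would query a full breached-password corpus.
BREACHED = {"password123456", "qwertyuiop123", "letmein2024!!"}
# Constructed sample of dictionary terms.
DICTIONARY = {"password", "sunshine", "dragon", "football", "welcome"}

# Common character substitutions, undone before comparing against terms.
LEET = str.maketrans("013457@$!", "oieastasi")


def normalize(text):
    """Lower-case, undo common substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, context_terms=(), user_info=()):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if password.lower() in BREACHED:
        problems.append("breached")
    flat = normalize(password)
    checks = (("dictionary_term", DICTIONARY),
              ("contextual_term", context_terms),
              ("user_information", user_info))
    for label, terms in checks:
        # Terms shorter than 4 letters after normalization are skipped
        # to avoid rejecting passwords on accidental matches.
        if any(len(normalize(t)) >= 4 and normalize(t) in flat for t in terms):
            problems.append(label)
    return problems


if __name__ == "__main__":
    # Constructed inputs: hypothetical company "Acme", hypothetical user "jdoe".
    for candidate in ("Acme-Widget2024", "P@ssword123456", "J.D03!xyz",
                      "vK9#tQ2m&Zr8pLx"):
        print(candidate, check_password(candidate, ["Acme", "Widget"], ["jdoe"]))
```

Matching on the normalized form is what catches variants such as `P@ssword123456` and `J.D03!xyz`, which a plain substring or exact-match check would let through.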
Siri On The HomePod Is Currently Broken As It Can’t Tell You What Time It Is
Posted in Commentary with tags Apple on May 2, 2024 by itnerd
Siri is sometimes pretty useless as a digital assistant. But you know it has hit peak uselessness when it can’t even tell time. This is currently happening to HomePod users everywhere at the moment:
Seeing as this is functionality that usually works fine, and there have been no software updates from Apple lately, this has to be a server side issue. Thus one has to assume that Apple will fix this eventually. But in the meantime, this won’t help Siri’s reputation in the slightest.
UPDATE: As of 5PM EST, this is now fixed.