Rethinking strong passwords
My idea of a strong password has been a random string of characters, and this xkcd comic seems to say that a random collection of ordinary words may be more secure.
Dropbox is convenient but how secure is it?
This question is driving me a little nuts lately: A potential security lapse and possibly misleading statements are plaguing Dropbox, a hugely popular file-syncing app. What are the issues and is concern justified? I migrated all my client data off Dropbox and into SpiderOak but it seems SpiderOak doesn’t offer Dropbox-like sync between my team…
Pretty impressive two-factor authentication in the @Twitter iPhone and Android apps
Twitter rolled out updates to its iOS and Android apps at the beginning of August which included a new two-factor authentication method for verifying logins (and possibly other stuff). It is worth reading the blog post describing the solution. It begins with this explanation of why Twitter opted not to go with the more common two-factor…
A quick question for IT security professionals
I just read this paragraph in the Evernote security and privacy information page. Does this point to a good data security infrastructure? Operational security is equally important, and physical infrastructure and operations procedures reflect that. The data center where the Evernote service operates is SAS 70 (Type II) and SSAE16 SOC–1 (Type 2) certified and…
Why the "if you've done nothing wrong, you have nothing to fear" argument is flawed
Today’s encryption may be easy to break in years to come but that doesn’t mean tomorrow’s encryption won’t be stronger. This idea of “well, if you haven’t done anything wrong, you shouldn’t have anything to hide” is flawed for so many reasons. It assumes we shouldn’t be entitled to a degree of secrecy based on…