Security: LastPass and More
-
LastPass Tries To Bury The Full Scope Of Its Disastrous Privacy Breach Behind The Christmas Holiday
Back in August, password storage app LastPass vaguely admitted that hackers had accessed the company’s systems. In the company’s original August reveal, the company generally tap danced around the subject, claiming that while they had identified some “unusual activity,” consumer data had not been accessed.
-
My age+YubiKeys Password Management Solution
Password managers are in the news, and it’s the holidays, so it’s as good a time as ever to describe my password and secret management setup. It’s very much not for everyone, but it’s minimal, simple, and has some interesting security properties: even if my laptop were compromised, it would take an attacker a very long time to extract more than a few low-importance secrets.
I use passage, a fork of password-store that encrypts files with age instead of GnuPG, along with age-plugin-yubikey by Str4d.
-
An explainer on SMS, 30 years down the line
SMS is also one the most commonly offered methods for multi-factor authentication, being used in a variety of contexts from access to banking and government services, to acessing online accounts such as e-mail or social media. While setting up multi-factor authentication is a simple and effective step in keeping your accounts safer, different authentication methods offer different levels of integrity, and despite its popularity, SMS is likely one of the least secure authentication methods you can choose from. We will delve into some of the reasons why bellow. Having an additional authentication factor is still preferable than relying on a username and password only, but you may want to consider using a different method other than SMS.