Getting Started with PGP in 10 Minutes or Less

Considering recent news about the collecting of data communications, I think it’s time to bring PGP back to life. PGP is an extremely secure encryption method that is easy to integrate into email messages. Although it has been around since 1991, early efforts to make it a standard largely [...] Continue Reading…

Dear NSA, It’s Not Just About the Spying

This not only applies to the NSA, but to Congress and President Obama: You betrayed our trust. That’s why we are angry.

It’s not about spying and it’s not about having anything to hide. The fact is, my life is very boring and it’s kind of sad knowing how many [...] Continue Reading…

Grant Edward Snowden Retroactive Immunity

Last week I was struck by the absurdly hypocritical statement by James Clapper, the Director of National Intelligence:

“The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”

I suppose that if you live at the top of [...] Continue Reading…

Pafwert: Now Open Source

More than 15 years ago I started working on a unique password generator that eventually evolved into a small program I now call Pafwert.

Pafwert is a unique tool to help you to select strong passwords that are easy to remember. Using strong entropy, tens of thousands of seed words, [...] Continue Reading…

Email: The Security Industry’s Single Biggest Failure

I still remember so clearly the frustration I felt back in the 90’s when starting in the security industry and trying to sell my services. It was so difficult trying to emphasize just how much at risk potential clients were and then get them to pay me to fix [...] Continue Reading…

Now eBay Wants in on Password Patents

I wrote a couple months ago about the many attempts to patent various methods of checking passwords. Now eBay wants in on the game with United States Patent Application 20120284783. Here’s their summary:
A proposed password is decomposed into basic components to determine and score transitions between the basic components [...] Continue Reading…

About The US Government’s Absurd Filing in a Megaupload-Related Case

You’d think the US Government has been embarrassed enough with their abuse of power and disregard for procedure in the Megaupload case that they would just let it all quietly die. No, as evidenced by a recent filing in the Kyle Goodwin case, they are going to fight this [...] Continue Reading…

RSA’s Distributed Credential Protection: Yeah They Are Overselling it a Bit.

RSA recently announced their new Distributed Credential Protection (DCP) product which they proudly tout as a “revolutionary” way to secure user credentials. But looking closer (especially at that $160,000 per license price tag), I’m not so sure this product will do much to protect anyone’s credentials.

But let me say [...] Continue Reading…

Is Mozilla’s Persona the Authentication System That We’ve All Been Waiting For? Probably Not.

Last week, Mozilla announced the first beta release of Persona. Persona, formerly called BrowserID, is a personal authentication system that aims to eliminate passwords to log in to web sites. Of course, you still need one master password to log in to Persona, but it takes care of every [...] Continue Reading…

Want to Block Common Passwords? Sorry, That is Patented

I always enjoy browsing through password-related patents to see all the flawed, silly, or outright dumb ideas that people come up with in an attempt to improve how we authenticate ourselves in the digital realm. What amazes me though is how many patents I encounter that have been granted [...] Continue Reading…