Security 47 – Too Much Security

We had a topic on hand, but we shifted to pitfalls of two-factor authentication. Tom did a great presentation at OISF, and we figured we would discuss that. We finish with some pitfalls: ways IT tries to make people more secure, but fails.

The first 10 minutes or so have some slides. You should watch them.

Show Notes:
Tom Webster – Two Factor General Discussion

Security 41 – Listener Feedback and News

This week we had two great questions from listeners that we needed to answer.

Gunnar had a question about how to prevent traffic from leaving his phone before the VPN kicked in. Short answer: It depends, but there is no good answer.

A YouTuber, DaNutcase8210, asked if there was any way to access an encrypted TrueCrypt volume if you accidentally deleted your key file. Answer: Probably not.

Afterwards, we discussed two news stories:
1) Russian security firm steals 1.2 billion credentials. The general consensus is that there shouldn’t be any real worry. We both think this sounds fishy.
2) PayPal’s 2FA has been compromised.

Show Notes:

Bruce Schneier | response on the 1.2 billion credentials being stolen
Brian Krebs | Legitimate concern
PayPal 2FA compromised

Security 30 – FIDO Alliance With Yubico

First off, why I said this was episode 42 is beyond me. Today we are joined by John Salter of Yubico and Board Member of the FIDO Alliance to tell us what is going on with passwords, two factor authentication, and the future of authentication. Turns out passwords will be replaced with PIN codes, and 2FA will be replaced by U2F (universal two factor).

John does a live demo (that you should watch on YouTube) that shows us how this works.

Finally, we talk about the need for the FIDO Alliance, and why this is a huge step forward for the web.

Show Notes:
Yubico
FIDO Alliance