All of the technical security in the world won’t fix the biggest security problem: people. Let’s face it, we are the weakest link. Adding more security doesn’t work, it only causes people to figure out ways to get around the security. The more secure you make something, the less secure it becomes. Why? Because when security gets in the way, sensible, well-meaning, dedicated...
Two factor authentication
The drumbeat of “secure your accounts; help your customers secure their accounts with you” advice has faded away a bit, probably because we’ve not had a major ESP account compromise hit the media in the past few months. The costs – customer support, security, reputation, executive focus – of customer account compromises are still significant, anything you can easily...
Defending against the hackers of 1995
Passwords are convenient for the end user, but it’s too easy to lose control of them. People share them with other people. People write them down, where they can be read. People send them in email, and that email is easily intercepted. People’s web browsers store the passwords, so they can log in automatically. Worst of all, perhaps, people tend to use the same username and password...
What is Two Factor Authentication?
Two factor authentication, or the snappy acronym 2FA, is something that you’re going to be hearing a lot about over the next year or so, both for use by ESP employees (in an attempt to reduce the risks of data theft) and by ESP customers (attempting to reduce the chance of an account being misused to send spam). What is Authentication? In computer security terms authentication is proving...