Biometrics — Can You Afford to Lose a Finger?
Biometric authentication has been attracting a lot of attention recently. Every day you see people deftly swiping their thumbs over their phones to unlock them using fingerprint recognition. Iris scanning technology is being introduced to India’s national biometric ID system. It’s the largest such system in the world—with over a billion users—and is used to […]
Unleashing Wireshark’s Powerful Follow TCP Stream Feature
In security courses such as Learning Tree’s System and Network Security Introduction, we often hear about the insecurity of protocols such as Telnet. These older protocols send their data – including login credentials – over the network in the clear. While ssh, a secure alternative to Telnet, is used in many applications today, many sites […]
Sharing Passwords is Bad, but Should It Be Illegal?
“Don’t share your passwords with anyone!” We say it repeatedly in Learning Tree’s System and Network Security Introduction, and I’m sure I’ve said it on this blog more than once. It’s bad practice; it leads to potential insecurity, and it means systems aren’t able to properly account for use. Sharing passwords is also illegal in some […]
How To Manage Your Passwords With KeePassX
Last week I suggested a do-it-yourself approach to generating pass phrases. Using an available list of 80,489 4-to-6-character strings of words and word fragments, and randomly selecting five such strings, plus 5 digits, plus one of the 30 or so punctuation marks, that scheme could generate this many possible pass phrase strings: 804895 × 105 […]
How Can We Create Secure Passwords?
What makes a password secure? We have to keep the bad guys out while letting the legitimate user in. We need to protect authentication and prevent user identity masquerading or spoofing, so it must be impractical for the attacker to guess it. I didn’t say “impossible” because any string could be guessed eventually. But impractical, […]