Friday, April 26, 2013

Cryptonerds PINs

I'm at Finse1222, attending the annual FRISC Winter School 2013. I did an evening talk (PDF) tuesday, first part about legal issues with Bring your Own Device & Mobile Device Management, second part about some random thoughts  on passwords & PIN codes. Primarily to catch some interest from the audience of PhD students and professors, most of them within infosec/crypto at academic institutions from around the world.

Based on questions and some extra interest from Andrey Bogdanov and Sondre Rønjom, the three of us decided to do a little experiment. Here are the results. :-)

Saturday, April 06, 2013

Will 2F weaken 1F?

"Well, Per isn't exactly a rocket scientist, and I have to help him with anything from shoelaces to toilet visits, but he is a KEEN debater in Internet forums..."
Ok, so this is one of those blog posts were I have spent a long time thinking about the topic, but I haven't spent much time preparing and writing it. After my tweet  here on a slow saturday afternoon, @marshray and @adamcaudill responded, and suddenly it was time to do this blog post, asking would the introduction of 2-factor authentication in an organization weaken the "something you know" part at some point?