Tuesday, July 27, 2021

Summary Post

Summary Post


SimplePass receives an A+ on SSL Labs. The report can be accessed here.

A video demoing the usage and features of SimplePass can be accessed here.


ALight Technology And Services Limited is now a Microsoft Partner!

Partnership related link: https://www.alightservices.com/partnerships

Here is the link to partner details webpage on Microsoft's website: Microsoft Partner Details

With that, ALight Technology and Services Limited is open for offering consulting and development services.

Remember that the address is a virtual office.

Official LinkedIn, Facebook and Twitter links are:

Facebook

LinkedIn

Twitter




There is a super-advanced technology that is state-sponsored and has invisible drones with some very advanced technology. Such technology does exist, and some of the capabilities are:

1) Spying camera, can see from various angles. So whatever you see/hear can be seen and heard by the state-sponsored spies.

2) Whispering speakers can make sounds, talk, whisper like devil / satan.

3) The most advanced technology - Mind reading capabilities - They can know what you think/visualize.

There might be some more technologies, including some invisible hand type of technology, such as the capability to press keys on an unattended laptop/mobile.

 

In this kind of state-sponsored advanced raw technologies, how can we protect our accounts? How can anyone be protected in a world of targeted hacking?

 

1) Passwords should not be displayed/memorized/typed.

2) Even if a password is memorized or keyed in, some multi-factor authentication and the authentication method should not allow duplicate logins. For example, if the hacker/spy also entered the same password and the same OTP, the system should reject both attempts.

 

With the above two points in mind, simple pass is trying to solve a specific problem. That's why simplepass never shows passwords on-screen nor allows entering your passwords. Once all the features of the free version are entirely implemented, there might be some paid subscription features that will address the above-mentioned problems in a very secure way.

As of now, as a user of SimplePass, you are responsible for the physical security of your device, how and where you store your backups.

 

This blog will periodically provide articles and practical tips on securing accounts and various ways of protecting passwords/accounts. Maybe even provide tips and tricks for security-conscious developers.




It's always a good practice to secure online accounts. This article describes some ways to secure accounts.


Most online accounts nowadays have support Multi-Factor authentication (MFA). When and where possible, enable MFA. Some of my favorites that provide MFA are GMailOutlookFacebook. Several different types of MFA options are available:

1) OTP based - The application would send a small special code to a specified email / mobile number and prompts for that code to be entered. Although, I like this approach, I am a bit skeptical.

2) Mobile notification alerts - Some applications send a alert to a mobile application and ask for approval. Microsoft, excels in this approach, by displaying a special code on the login screen, the notification displays the special code and prompts for approval. I like Microsoft's approach in this method.

3) Physical Hardware Key such as YubiKey from Yubico. This is my most favorite approach. The small hardware key just sits on my keychain along with my physical keys such as house key etc... The drawback is what happens if the key gets damaged.

4) Authentication Codes: Some websites, allow scanning a QR code as MFA in applications such as Microsoft Authenticator / Google Authenticator. Once successfully setup, the website prompts for a code to be entered, the Authenticator applications display a unique time based code that gets changed every few seconds.

Each approach has it's own strengths and weaknesses. For example, what would happen if you lose sim card / mobile phone / hardware key. How easy is it to backup accounts, restore accounts. Irrespective of the MFA approach that you would use, it's always a good idea to enable and use MFA.

Some websites if not all have a recent activity page that displays sign-in attempts, where the account is logged in and allows remotely logging out those unused sessions. I would say regularly reviewing this activty and removing unused sessions would be prudent.

 

Stay safe and vigilant from online hackers and frauds!

Summary Post

No comments:

Post a Comment

25% off sale & plans of Trustworthy and Responsible AI

25% off sale until 12/04/2024! This sale is for ThanksGiving, BlackFriday and CyberMonday sale. A minor update was done. This update had...