Mastodon

Face ID

A 2-post collection

Face ID Stinks

I've been gradually coming to this conclusion of my own free will, but Phil Schiller's comments last week [https://www.cultofmac.com/518009/phil-schiller-says-face-ids-competitors-stink/] finally cemented it for me: Face ID stinks. I wrote about the security implementations of Face ID [https://www.troyhunt.com/face-id-touch-id-pins-no-id-and-pragmatic-security/] just after it was announced and that piece is still entirely relevant today. To date, we haven't seen practical attacks against it th...

Face ID, Touch ID, No ID, PINs and Pragmatic Security

I was wondering recently after poring through yet another data breach how many people actually use multi-step verification. I mean here we have a construct where even if the attacker has the victim's credentials, they're rendered useless once challenged for the authenticator code or SMS which is subsequently set. I went out looking for figures and found the following on Dropbox: > "less than 1% of the Dropbox user base is taking advantage of the company’s two-factor authentication feature": htt...

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Upcoming Events

I often run private workshops around these, here's upcoming events I'll be at:

Must Read

Don't have Pluralsight already? How about a 10 day free trial? That'll get you access to thousands of courses amongst which are dozens of my own including:

  1. OWASP Top 10 Web Application Security Risks for ASP.NET
  2. What Every Developer Must Know About HTTPS
  3. Hack Yourself First: How to go on the Cyber-Offense
  4. The Information Security Big Picture
  5. Ethical Hacking: Social Engineering
  6. Modernizing Your Websites with Azure Platform as a Service
  7. Introduction to Browser Security Headers
  8. Ethical Hacking: SQL Injection
  9. Web Security and the OWASP Top 10: The Big Picture
  10. Ethical Hacking: Hacking Web Applications