Sponsored by:

Face ID

A 2-post collection

Face ID Stinks

I've been gradually coming to this conclusion of my own free will, but Phil Schiller's comments last week finally cemented it for me: Face ID stinks. I wrote about the security implementations of Face ID just after it was announced and that piece is still entirely relevant today. To date, we haven't seen practical attacks against it that should worry the masses and the one piece that suggests it's vulnerable has been pretty thoroughly debunked by Dan Goodin at Ars Technica. In all measurable ways, the security posture is as good as (or better than) Touch ID, but what about the user experience? Is Face ID a better UX or do we have it simply because Apple needed to kill...

Face ID, Touch ID, No ID, PINs and Pragmatic Security

I was wondering recently after poring through yet another data breach how many people actually use multi-step verification. I mean here we have a construct where even if the attacker has the victim's credentials, they're rendered useless once challenged for the authenticator code or SMS which is subsequently set. I went out looking for figures and found the following on Dropbox: "less than 1% of the Dropbox user base is taking advantage of the company’s two-factor authentication feature": https://t.co/AdbYwWGb7t— Troy Hunt (@troyhunt) June 3, 2016 Less than 1%. That's alarming. It's alarming not just because the number is so low, but because Dropbox holds such valuable information for so many people. Not only...

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Upcoming Events

I usually run private workshops around these, here's the upcoming public events I'll be at:

  1. AusCERT: 29 May - 1 Jun, Gold Coast (Australia)
  2. SC Awards: 5 Jun, London (United Kingdom)
  3. Infosecurity Europe: 5-7 Jun, London (United Kingdom)
  4. NDC Oslo: 11-15 Jun, Oslo (Norway)
  5. Fraud and Breach Prevention Summit: 19 Jul, Sydney (Australia)
  6. SailPoint Navigate: 21-22 Aug, Sydney (Australia)
  7. NDC Sydney: 17-21 Sep, Sydney (Australia)

Must Read

Don't have Pluralsight already? How about a 10 day free trial? That'll get you access to thousands of courses amongst which are dozens of my own including:

  1. OWASP Top 10 Web Application Security Risks for ASP.NET
  2. What Every Developer Must Know About HTTPS
  3. Hack Yourself First: How to go on the Cyber-Offense
  4. The Information Security Big Picture
  5. Ethical Hacking: Social Engineering
  6. Modernizing Your Websites with Azure Platform as a Service
  7. Introduction to Browser Security Headers
  8. Ethical Hacking: SQL Injection
  9. Web Security and the OWASP Top 10: The Big Picture
  10. Ethical Hacking: Hacking Web Applications