Comments for SecurEnvoy Blog

Comments for SecurEnvoy Blog http://www.securenvoy.com/blog Latest news and comment from the tokenless two factor authentication leaders, SecurEnvoy. Wed, 24 Oct 2012 11:57:49 +0000 hourly 1 http://wordpress.org/?v=3.3.1 Comment on Taking remote access to the extreme by Birhat http://www.securenvoy.com/blog/2012/09/14/taking-remote-access-to-the-extreme/#comment-2059 Birhat Wed, 24 Oct 2012 11:57:49 +0000 http://lab1.securenvoy.com/blog/?p=1196#comment-2059 I use the iPhone Configuration Utility available on the Apple web site to build an iPhone user prifloe with the Pulse client preconfigured and install/apply a user digital certificate. Easy to do under VPN and the Credentials sections. Then either install the prifloe directly on the phone or export then email it.I too have found that you cannot seem to use a digital certificate *and* password authentication like Joel mentioned. With a standard web browser on a computer (not iPhone) one can enter their login/password and then select their certificate, but the iPhone Pulse client seems to be one or the other, so I had to create a new Realm with more restrictions. Not something I want to roll out for production yet. I use the iPhone Configuration Utility available on the Apple web site to build an iPhone user prifloe with the Pulse client preconfigured and install/apply a user digital certificate. Easy to do under VPN and the Credentials sections. Then either install the prifloe directly on the phone or export then email it.I too have found that you cannot seem to use a digital certificate *and* password authentication like Joel mentioned. With a standard web browser on a computer (not iPhone) one can enter their login/password and then select their certificate, but the iPhone Pulse client seems to be one or the other, so I had to create a new Realm with more restrictions. Not something I want to roll out for production yet.

]]> Comment on Passwords are proving that they are often the weakest link by Jhesy http://www.securenvoy.com/blog/2012/09/17/windows8/#comment-1971 Jhesy Mon, 22 Oct 2012 05:18:01 +0000 http://lab1.securenvoy.com/blog/?p=1204#comment-1971 Good solid advice. However, I would like to add a litlte about passwords and security.I used to work with the information security industry, and have learned that it is best to make sure that all your passwords are at least 8 characters long. Passwords should also contain at least some special symbol, like a question mark or something like that. Hackers tend to use automated brute force scripts that try millions of combinations a second. They can break a password like John1966 too, even though it has 8 characters and even a mix of capitals and numbers. How? Well, they know that people tend to choose this kind of passwords so they have these password probability matrices that define common password types like Name + Date of Birth . Anyways, you should also make sure to use a different password for every account you have, so that if one of your WordPress sites or even your email accounts gets hacked, the hackers would not automatically get access to all your stuff but just to that one site.Alright, I see i got a bit carried away .I tend to get really talkative once I start speaking about something I used to work with in the past Good luck to you guys, and don't get hacked! Good solid advice. However, I would like to add a litlte about passwords and security.I used to work with the information security industry, and have learned that it is best to make sure that all your passwords are at least 8 characters long. Passwords should also contain at least some special symbol, like a question mark or something like that. Hackers tend to use automated brute force scripts that try millions of combinations a second. They can break a password like John1966 too, even though it has 8 characters and even a mix of capitals and numbers. How? Well, they know that people tend to choose this kind of passwords so they have these password probability matrices that define common password types like Name + Date of Birth . Anyways, you should also make sure to use a different password for every account you have, so that if one of your WordPress sites or even your email accounts gets hacked, the hackers would not automatically get access to all your stuff but just to that one site.Alright, I see i got a bit carried away .I tend to get really talkative once I start speaking about something I used to work with in the past Good luck to you guys, and don’t get hacked!

]]> Comment on 66% of the population suffer from Nomophobia the fear of being without their phone by Addicted to your mobile? You may be nomophobic | Price Gadget Reviews http://www.securenvoy.com/blog/2012/02/16/66-of-the-population-suffer-from-nomophobia-the-fear-of-being-without-their-phone/#comment-1559 Addicted to your mobile? You may be nomophobic | Price Gadget Reviews Wed, 26 Sep 2012 13:06:48 +0000 http://blog.securenvoy.com/?p=825#comment-1559 [...] survey of 1,000 British workers sponsored by SecurEnvoy found that 66 percent of people fear losing or being without their mobile phone. It also discovered [...] [...] survey of 1,000 British workers sponsored by SecurEnvoy found that 66 percent of people fear losing or being without their mobile phone. It also discovered [...]

]]> Comment on 66% of the population suffer from Nomophobia the fear of being without their phone by Android On Top » Blog Archive » Addicted to your mobile? You may be nomophobic http://www.securenvoy.com/blog/2012/02/16/66-of-the-population-suffer-from-nomophobia-the-fear-of-being-without-their-phone/#comment-1558 Android On Top » Blog Archive » Addicted to your mobile? You may be nomophobic Wed, 26 Sep 2012 11:50:02 +0000 http://blog.securenvoy.com/?p=825#comment-1558 [...] survey of 1,000 British workers sponsored by SecurEnvoy found that 66 percent of people fear losing or being without their mobile phone. It also discovered [...] [...] survey of 1,000 British workers sponsored by SecurEnvoy found that 66 percent of people fear losing or being without their mobile phone. It also discovered [...]

]]> Comment on 66% of the population suffer from Nomophobia the fear of being without their phone by Technable | Making you Technically Able http://www.securenvoy.com/blog/2012/02/16/66-of-the-population-suffer-from-nomophobia-the-fear-of-being-without-their-phone/#comment-1556 Technable | Making you Technically Able Wed, 26 Sep 2012 11:18:46 +0000 http://blog.securenvoy.com/?p=825#comment-1556 [...] survey of 1,000 British workers sponsored by SecurEnvoy found that 66 percent of people fear losing or being without their mobile phone. It also discovered [...] [...] survey of 1,000 British workers sponsored by SecurEnvoy found that 66 percent of people fear losing or being without their mobile phone. It also discovered [...]

]]> Comment on 66% of the population suffer from Nomophobia the fear of being without their phone by Addicted to your mobile? You may be nomophobic | droidultimate http://www.securenvoy.com/blog/2012/02/16/66-of-the-population-suffer-from-nomophobia-the-fear-of-being-without-their-phone/#comment-1555 Addicted to your mobile? You may be nomophobic | droidultimate Wed, 26 Sep 2012 11:05:14 +0000 http://blog.securenvoy.com/?p=825#comment-1555 [...] survey of 1,000 British workers sponsored by SecurEnvoy found that 66 percent of people fear losing or being without their mobile phone. It also discovered [...] [...] survey of 1,000 British workers sponsored by SecurEnvoy found that 66 percent of people fear losing or being without their mobile phone. It also discovered [...]

]]> Comment on 66% of the population suffer from Nomophobia the fear of being without their phone by Scared of losing your smartphone? Nomophobia could be afflicting you http://www.securenvoy.com/blog/2012/02/16/66-of-the-population-suffer-from-nomophobia-the-fear-of-being-without-their-phone/#comment-1554 Scared of losing your smartphone? Nomophobia could be afflicting you Wed, 26 Sep 2012 10:49:17 +0000 http://blog.securenvoy.com/?p=825#comment-1554 [...] survey of 1,000 British workers sponsored by SecurEnvoy found that 66 percent of people fear losing or being without their mobile phone. It also discovered [...] [...] survey of 1,000 British workers sponsored by SecurEnvoy found that 66 percent of people fear losing or being without their mobile phone. It also discovered [...]

]]> Comment on 66% of the population suffer from Nomophobia the fear of being without their phone by Cellphone Addicts in Rehab | News from around the world http://www.securenvoy.com/blog/2012/02/16/66-of-the-population-suffer-from-nomophobia-the-fear-of-being-without-their-phone/#comment-1532 Cellphone Addicts in Rehab | News from around the world Tue, 25 Sep 2012 15:24:30 +0000 http://blog.securenvoy.com/?p=825#comment-1532 [...] only has the term gained acceptance since 2008, a more recent study of 1,000 individuals showed that the percentage of people who feared losing their phone had increased from 53 percent to [...] [...] only has the term gained acceptance since 2008, a more recent study of 1,000 individuals showed that the percentage of people who feared losing their phone had increased from 53 percent to [...]

]]> Comment on 66% of the population suffer from Nomophobia the fear of being without their phone by Nokia Launches New Budget Phones, Verizon Unlocks iPhone 5 Forever | SiliconANGLE http://www.securenvoy.com/blog/2012/02/16/66-of-the-population-suffer-from-nomophobia-the-fear-of-being-without-their-phone/#comment-1531 Nokia Launches New Budget Phones, Verizon Unlocks iPhone 5 Forever | SiliconANGLE Tue, 25 Sep 2012 12:59:31 +0000 http://blog.securenvoy.com/?p=825#comment-1531 [...] studies show that people who feared losing their phone had increased from 53 percent to 66 percent since [...] [...] studies show that people who feared losing their phone had increased from 53 percent to 66 percent since [...]

]]> Comment on Facebook and Dropbox in favour of SMS to strengthen security by Stephen Meredith http://www.securenvoy.com/blog/2012/09/07/facebook-adn-dropbox-in-favour-of-sms-to-strengthen-security/#comment-1291 Stephen Meredith Fri, 07 Sep 2012 11:20:45 +0000 http://lab1.securenvoy.com/blog/?p=1185#comment-1291 Sure, sending a text message is better than relying on just a username and password but just sending an OTP which the user simply returns only confirms that the person logging in has the phone, not that they are the authorised person. If someone has gone to the trouble of stealing the UNP credentials there is always the possibility that they could have access to the phone as well. A large proportion of corporate security breaches come from inside the organisation, I regularly forget and leave my mobile on my desk, which may be a stupid thing to do, but would make it very easy for someone to use to access my secure accounts while I am away on a comfort break. I am sure that I am not the only one who should know better. There is a very simple way of making the SMS system much more secure - but adding another step in the process involving a secret PIN it means that only the registered user can unlock the OTP from the passcode sent in plain text. Particularly if the PIN is never included in the OTP so cannot be reverse engineered if it is intercepted by a keyboard logger or man-in-the-middle attack. Sure, sending a text message is better than relying on just a username and password but just sending an OTP which the user simply returns only confirms that the person logging in has the phone, not that they are the authorised person. If someone has gone to the trouble of stealing the UNP credentials there is always the possibility that they could have access to the phone as well. A large proportion of corporate security breaches come from inside the organisation, I regularly forget and leave my mobile on my desk, which may be a stupid thing to do, but would make it very easy for someone to use to access my secure accounts while I am away on a comfort break. I am sure that I am not the only one who should know better.

There is a very simple way of making the SMS system much more secure – but adding another step in the process involving a secret PIN it means that only the registered user can unlock the OTP from the passcode sent in plain text. Particularly if the PIN is never included in the OTP so cannot be reverse engineered if it is intercepted by a keyboard logger or man-in-the-middle attack.

]]>