Showing posts with label security. Show all posts

Monday, 20 September 2010

Extra security for Google users

It looks like Google are rolling out a beefed-up security model, based around two-factor authentication. This is where a person needs to provide two forms of proof that they own the username with which they are attempting to log in.

In most two-factor schemes, the first proof is a password or PIN and the second is either a physical token of some kind (key or card) or a biometric identifier such as a facial image or fingerprint scan. The idea is that whilst an attacker might well capture your password or PIN somehow, it is going to be very difficult for them to also provide physical or biometric proof.

For an organisation that can issue its employees with smart cards, this scheme works very well, but such a move would be completely impractical (and hideously expensive) for Google. Their solution is to use your mobile phone, instead!

It works like this: you log in as normal with a username and password, but then you are taken to a second screen in which you must enter a six-digit verification code. This code is delivered to your phone (which you have previously associated with your Google account).

The system seems to be designed around the assumption that users will have an iPhone, BlackBerry or Android device running the Google Authenticator app. Whilst the verification code can also be sent via SMS, I wonder whether this will be quite as efficient. Fortunately, Google provide the option to authenticate like this once per computer rather than once per login, which is easier (albeit at the cost of reduced security).
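The Google Authenticator app mentioned above computes its six-digit codes on the phone using the time-based one-time password algorithm of RFC 6238. The sketch below is an added illustration, not code from Google or from the original post, of how a server could check such a code; the function names, the one-step drift window and the replay counter are assumptions of this example, and the key is the RFC's published test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (RFC 6238 default)
DIGITS = 6   # length of the code shown to the user

def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(secret: bytes, now: float) -> str:
    """RFC 6238: the HOTP counter is the number of time steps since the epoch."""
    return hotp(secret, int(now) // STEP)

def verify(secret, submitted, now, last_used=-1, window=1):
    """Return the time step the code matched, or None if it is rejected.

    window: steps of clock drift tolerated either side of the current one.
    last_used: highest step already accepted for this account; anything at
    or below it is refused so a captured code cannot be replayed.
    """
    if len(submitted) != DIGITS or not (submitted.isascii() and submitted.isdigit()):
        return None
    current = int(now) // STEP
    matched = None
    for step in range(max(0, current - window), current + window + 1):
        # Constant-time comparison; keep looping so timing does not
        # reveal which step (if any) matched.
        if hmac.compare_digest(hotp(secret, step), submitted) and matched is None:
            matched = step
    return matched if matched is not None and matched > last_used else None

if __name__ == "__main__":
    key = b"12345678901234567890"   # RFC 6238 published test key, not a real secret
    code = totp(key, 59)
    print(code, verify(key, code, 59), verify(key, code, 59, last_used=1))
```

The caller stores the returned step as the account's new `last_used` value, which is what makes each code single-use.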

Saturday, 18 September 2010

Security & Social Networks

Talk about security in the context of social networks and many people will think first of privacy - perhaps citing Facebook's convoluted and controversial approach to this important issue as an example. But the risks run deeper than that. Security firm AVG reports that it has identified 11,701 compromised Facebook pages and 7,163 compromised YouTube pages.

AVG note that students between 18 and 25 years old are most at risk of having their Facebook status 'jacked'; this particular age group is the biggest user of Facebook whilst at the same time being significantly less concerned about Internet security and privacy than the average member of the population.

Something to think about the next time you log on?

Wednesday, 21 April 2010

Pilgrimage

Colossus

Last week I at long last paid a visit to Bletchley Park, the centre of codebreaking efforts for the British during World War II and the birthplace of modern computing. The picture here shows the reconstructed Colossus Mk II, the world's first semi-programmable digital electronic computer, which helped to crack the Lorenz cipher used by the German High Command.

For a geek like me, standing in front of this as it whirred and clicked was a near-religious experience! The Bletchley Park huts are well worth a visit for anyone interested in cryptography or military history, and the existence of Colossus and The National Museum of Computing on site is the icing on the cake.

My photos of the day are available for viewing as a Flickr set or slideshow.

Saturday, 12 December 2009

The one that wasn't a game...

Following on from yesterday's post about the recent graphics programming assignment done by my first-year students, it is worth noting that one of our students was adventurous enough to implement something other than a game.

Alex Hawdon wrote a very interesting program that invokes p0f to analyse incoming attempts to establish TCP connections with your machine, interprets IP addresses using a GeoIP database and then serves up the results as a KML file over HTTP - the latter then being monitored via Google Earth, of course. The net result: a 3D, real-time visualisation of attempted hacks against your machine.