Norway’s BankID undermines anti-phishing best practices
An easily-spoofed iframe embedded onto every random online merchant’s websites is not a safe place to enter my bank password! Is it really BankID‽
Authentication and Passwords
Why KeePass instead of self-hosting Bitwarden
You can control your password manager with KeePass or a self-hosted Bitwarden Server. One is a simple password vault file and the other a complex server.
Your clipboard is only as secure as your device
A review/critique of the complexity, security, and unpredictable user experience of modern feature-laden copy–paste clipboards in today’s operating systems.
Be wary of file sync conflicts with KeePass apps on Android
An investigation and comparison into how KeePass-compatible password manager apps for Android handle external changes to an unlocked password vault database.
How to back up your password manager
Plan for the day your password manager stops working. Even if it’s a cloud service! Backing up your password manager is harder that it sounds.
Feitian MultiPass recall highlights need to use multiple security keys
The recall of the Feitian MultiPass FIDO security key demonstrates why you always should use multiple security key products from different vendors.
Update after 3 months with Bitwarden
Bitwarden has fixed the security issues outlined in my Bitwarden review. I also discuss some missing features from LastPass and issues with the Android app.
Firefox, Security Keys, U2F, and Google Advanced Protection
How to use U2F security keys (USB A or C, Bluetooth, others) with Firefox and Google’s Advanced Account Protection program.
Why I migrated from LastPass to Bitwarden
Here’s why I stopped using LastPass and moved all my passwords and notes to the open-source Bitwarden password manager instead.
Topical leaks users’ email addresses and interests
Twitter-to-email-newsletter service Topical exposes its users’ subscriptions and interests through poor security practices.
I regret transferring my domains to Hover
Ads had promised me that Hover.com was a great domain registrar. Trusting them to handle my domains turned out to be a big mistake.
How to add CalDAV and CardDAV accounts and sync with Windows 10
Set up syncing with your CalDAV and CardDAV accounts with the built-in Windows Calendar and Contacts apps. Windows can sync with any CalDAV/CardDAV server.
Why I don’t trust LastPass with my passwords
The LastPass password manager has won the trust of millions of users worldwide. But have they demonstrated that they deserve that trust?
IP addresses as an auth factor in the era of device roaming and IPv6
Stop relying on IP addresses not changing in an IPv6-enabled world were devices randomly change their address at least once a day.
I’ve given up on the Xbox One Kinect
There weren’t really any games released for the Xbox One Kinect, and Microsoft is slowly killing it off. I stuck mine in a drawer.
Lock screens should have keyboard input protection
The screen is off. You type your password out of habit and hit Enter. You may now accidentally have sent it somewhere it doesn’t belong.
Origin game platform sends login and messages in plain-text
EA’s Origin game client puts customer’s security and privacy at risk. Fails to encrypt login data and direct messages exchanged between users.
Wi-Fi Sense in Windows 10 to reduce users’ network security
Windows 10 introduces a new feature that freely shares all your Wi-Fi passwords with your Outlook, Skype, and Facebook contacts.
Do you trust Microsoft with all your passwords?
Windows has become your password manager, but it also syncs all your credentials to Microsoft. Should you trust it with the keys to your digital kingdom?
Multiple accounts required to keep Windows private and secure
You shouldn’t use a Windows Administrative account for your everyday use. Setup one basic and one admin account to increase security.