Did Google Miss the Mark With Push To Make Passwords Obsolete?
On Saturday, Forbes discussed Google’s 2014 vision to make user-generated passwords obsolete. It’s an initiative that deserves praise and is long overdue. Someone is finally taking strong authentication and identity-based security seriously — particularly in the consumer space. It does, however, come with some caveats. Google is demonstrating that identity-based security solutions are available for [Read More...]
Entrust at RSA: Secure Mobile, Leverage Mobile
During RSA Conference 2013 at Booth 1139 this week, Entrust authentication experts Mike Moir and Mike Byrnes are showing how organizations are able to deploy a two-pronged approach to not only secure mobile identities and transactions, but also leverage mobile devices to secure the online channel.
Entrust at RSA: Welcome to San Francisco
Greetings from the Bay Area. Entrust is live at the Moscone Center for the opening night of RSA Conference 2013. If you weren’t able to make it out to the West Coast, we’ll have you covered right here on the Entrust Insights blog.
Public Key Pinning Extension for HTTP
In 2011, Google added public key pinning to Chrome. They white-listed the certification authority public keys that could be used to secure Google domains.
Yahoo turning on SSL
Yahoo is jumping on the SSL bandwagon to help secure their users’ email.
TURKTRUST Unauthorized CA Certificates
Although unrelated to Entrust, I thought you might be interested in the news about TURKTRUST.
HSTS RFC Finalized
HTTP Strict Transport Security (HSTS) has been finalized and published as RFC 6797. The purpose of HSTS is to allow a website to declare to complying users’ agents that they should interact with it using a secure connection such as HTTPS. In order to implement HSTS, a website must have a statement in its header, such [Read More...]
Certificate Transparency Birds of a Feather
I was recently reminded by a couple of security researchers that SSL provides privacy, integrity and authenticity.
Android SSL Problems
There have been a lot of articles written recently about Android SSL problems for applications, which were recently reported by German university researchers.
HTTPS Everywhere 3.0
The Electronic Frontier Foundation (EFF) has released HTTPS Everywhere 3.0.