PayPal says crooks poked around 35,000 accounts in credential stuffing attack
https://www.theregister.com/2023/01/19/paypal_data_breach/
This report says “That passwordless option is looking really good right about now” — Well, they seem to have forgotten that WHAT IS REMOVED CANNOT SERVE.
“What is removed can never be attacked” is true, and “what is removed can never serve” is also true. The latter is often…
We have published a one-stop reference paper on the security effects of removing the password from digital identity
Besides our most comprehensive dissection of the ‘passwordless’ misperception, also taken up are such related topics as
- Unable to Serve
- Pseudo-MFA
- False Sense of Security
- Cybersecurity Professionals
…
We often hear ‘xxxx-fatigue’ these days. ‘Password Fatigue’ is one of them.
Well, there could be two approaches to cope with this fatigue problem.
One is to throw away the password and give up the security somehow provided by the password. This is what ‘passwordless’ and ‘biometrics’ authentication schemes are…
How digital identity unleashes the power of institutional DeFi
We could have taken up this topic a bit differently — “How wrongly-configured digital identity de-unleashes the power of institutional DeFi”.
Wondering how we can configure digital identity wrongly?
Here are the answers -
“LOSS of Security Taken for GAIN of Security”
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
“Biometrics Unravelled | password-dependent password-killer”…