Category Archives for "Strong Authentication"

Post Yahoo, Passwords are Passé

14% of Worldwide Internet Users Were Exposed

I’m sure if you are reading this, you are already aware of the historic Yahoo data breach that was announced last week.  500 million accounts affected — the largest number of accounts ever affected by a known breach.  Let’s put that into perspective — according to the US Census Population Clock, the current population of the US is 324 million.  That means this hack could have contained an account for every single person in the United States and still had 126 million accounts to spare.  …

What’s next after SMS one-time passwords?

NIST has gotten a lot of attention lately because they pointed out that SMS is less secure than many people think, and if you’re trying to shore up passwords with a second login method, you should probably consider using something that’s more secure. This type of “shoring up” of passwords is called two factor authentication, or 2FA for short.

People use 2FA for lots of stuff, from protecting classified information to protecting your Tweets. …

Why We Need To Move Beyond Passwords

In my previous blog, I briefly touched on the fact that many Internet of Things (IoT) devices today have defaulted to the lowest common denominator for security and authentication: passwords. IoT devices — particularly mobile devices — introduce security and privacy risks because most have a limited user interface that can only handle short, easy-to-crack passwords.

The proliferation of mobile and IoT-connected devices has accelerated the need for user authentication that moves beyond passwords, …

Tozny CEO interviewed about PKI

Isaac contributed to some technical background for an interesting article at about the use of Public Key Infrastructure (PKI).

“Humans are terrible at generating and remembering random stuff, and the strong crypto on PKI is virtually impossible to brute force,” said [Tozny CEO] Isaac Potoczny-Jones, research lead, computer security, for Galois, a technology research and development consulting firm with an office in Arlington, Virginia. “On a scale from one to 10, …

Podcast: Tozny CEO Interviewed by Regarding ID

Tozny CEO Isaac Potoczny-Jones was interviewed about the new NSTIC projects on the Regarding ID Podcast.

Galois, a Portland-based company that focuses on cyber security primarily for the U.S. government, is the final winner of the fourth round of NSTIC pilots.

Galois and its partners will build a tool that relies on biometric authentication to enable the storing and sharing of private information online. …

Article: Don’t fall into the MVP trap!

In August, Software Magazine published Tozny CEO Isaac Potoczny-Jones’ article on building security into the software development lifecycle. His key point is that the market demands of software development encourage leaving security to the end user for a variety of reasons:

  • Many companies want to validate a market before investing in product security, so the “minimum viable product” (MVP) approach might leave it out.
  • The risk of getting attacked is lower at the beginning of a product’s lifecycle, …

KATU News: Baby Monitor Hacks

Tozny CEO Isaac Potoczny-Jones was interviewed via Skype by KATU News to comment on Rapid7’s case study on security vulnerabilities in baby monitors.

Key points to highlight:

  • Internet of Things devices are being connected to the Internet without sufficient analysis of potential security problems.
  • The security industry doesn’t have enough personnel to help address these issues.
  • Companies don’t take security seriously during product development. …

Talk: An Overview of Emerging Cybersecurity Policy and Law

Why is cybersecurity such a hard problem? The US government, its citizens, and the organizations that write software are all on the same team, but in many cases, our interests are just not aligned. For instance, there have been endless political and social disagreements about the best way to share cyber threat intelligence without sacrificing consumer privacy.

It’s these competing concerns that are the kink in our collective armor and that’s what our adversaries exploit, …

Talk: 2015 Northwest Aerospace & Defense Symposium

This past week, Tozny CEO Isaac Potoczny-Jones spoke on cybersecurity policy and law for the Pacific Northwest Defense Coalition and Pacific Northwest Aerospace Alliance. The talk was part of the 2015 Aerospace & Defense Symposium held at Joint Base Lewis-McChord.

Isaac shared the stage with Peter S. Chiou, Principal Strategist and Business Development Manager for Azure DoD, Microsoft and Special Agent Joshua Michaels of the FBI Cyber Task Force. …

Talk: User Identity and Authentication in WordPress

The other day I gave a talk at the Portland WordPress Developers Meetup about authentication in enterprise and web environments and how WordPress fits into the Identity Management alphabet soup. At the end, I showed off our WordPress Plugin, which can be used for easy and secure login to WordPress instances.