I’m on the train, and the chap in the seat behind me is on the phone to his bank. He has just gone through security verification. I know his name, date of birth, mother’s maiden name, address, and all the account details. Don’t be this guy. He’s an idiot. #privacy #security 😖
API security touches upon various different topics. I am discussing a couple of common #API #security pitfalls at the @OWASPLondon meetup tonight. Here's an extended slide deck, with a ton of useful information. https://buff.ly/2N7ySAz
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know!
This @jack situation is making me rethink my phone number strategy. I've been treating my SIM number as disposable and easily replaceable, where the number I use for 2FA is a Google Voice number. But now I'm thinking treating my SIM number as a password is a better plan.