How to Choose a PIN

I’ve written often about the importance of choosing strong passwords. But most physical devices are protected with short PIN (personal identification number) codes. How do you pick a good one? Let’s figure out how to choose a PIN. How NOT to Choose a PIN It’s probably best to start with how not to choose a […]

Account Security is Broken

I spend a lot of time talking about the virtues of strong passwords (or maybe passphrases) and two-factor authentication. I’ve written about promising new authentication technologies like passkeys. But in many cases, all of that is moot. Your account security is only as secure as its weakest link. And just about every account you have

Craft Your Access Backup Plan

[Updated May 31, 2024 to replace Raivo – here’s why] So you’re using a password manager and you’ve even enabled two-factor authentication on your password vault. That’s fantastic! Well done! But what happens if you somehow forget your master password? Or if you lose access to your two-factor authentication device? And I know it’s not

The Pros and Cons of Passkeys

When I first read about passkeys, I got super excited. Finally it seemed that we might truly have a “password killer” technology. Passkeys promised to be easier to use and more secure than passwords. It’s a rare thing in security when you can improve convenience and security simultaneously. However, as this cool new technology actually

challenge coin

Dragon Challenge Coins v2.0!

I’ve created some really cool, security-enhancing dragon challenge coins to give away to people who are furthering the cause of privacy and security. My first set of 100 coins debuted in 2021. I gave them to my patrons who are supporting my mission to help people secure their devices and data, and to people who

password vault

More Uses for Password Vaults

I’ve talked a lot about password managers, but I’ve mostly focused on generating and storing passwords. That frankly should be reason enough to use one. But there are many other great reasons for using a password vault. The key thing to understand is that password managers are just digital vaults. They can hold all sorts

Peppering Your Passwords

You shouldn’t know any of your passwords. You should only know one password: the master password for your password vault. That is, you should be using a password manager to generate, store and auto-fill super-strong passwords. There are other “passwordless” technologies on the horizon, but for now, passwords (with two-factor authentication) are still the best

Stop Reusing Passwords

You Must Stop Reusing Passwords

A little more than a week ago, we saw perhaps the single largest data breach dump in history. This followed another massive data disclosure from the same group just a couple weeks prior. Dubbed “Collections 1-5”, together these data dumps represent literally billions of unique user email addresses and passwords. While many of the records
