Category: authentication

The future of MFA is clear – but is it here yet?

The future of MFA is clear – but is it here yet? Not all authentication is equal to the task in 2025, but there is a best choice within reach Chester Wisniewski Go to sophos

March 21, 2025
Device Code Phishing

Device Code Phishing This isn’t new, but it’s increasingly popular: The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support…

February 20, 2025
Pairwise Authentication of Humans

Pairwise Authentication of Humans Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons. This is how…

February 11, 2025