Good Security Is In Our Heads

REA Group’s CISO Craig Templeton has been in the job for just a few months. While the information security business has been largely focussed on technical skills, Templeton told his team they needed to develop a new ability: the Jedi Mind Trick. I spoke with Templeton about this and some of the challenges he sees when it comes to security and privacy.

New Standard For Website Authentication Proposed: SQRL (Secure QR Login)

“Steve Gibson has proposed a new standard method for website authentication. The SQRL system (pronounced ‘squirrel’) eliminates problems inherent in traditional login techniques. The website’s login presents a QR code containing the URL of its authentication service, plus a nonce. The user’s smartphone signs the login URL using a private key derived from its master secret and the URL’s domain name. The smartphone sends the matching public key to identify the user, and the signature to authenticate it. It may be used alongside of traditional username/password to ease adoption.”
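
The exchange described in the summary above, sketched in Go as an added example; it is not code from the SQRL proposal or from this page. Assumptions: the per-site key is seeded with HMAC-SHA256(master secret, domain), the signature scheme is Ed25519, the nonce travels in a `nonce` query parameter, and the URL and master secret are constructed sample values.

```go
package main
import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"net/url"
)

type Server struct{ pending map[string]bool } // issued, unanswered challenges

// Challenge returns the URL the QR code would carry: auth service plus nonce.
func (s *Server) Challenge(authURL string) string {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	c := fmt.Sprintf("%s?nonce=%x", authURL, nonce)
	s.pending[c] = true
	return c
}

// Verify accepts one response per challenge; the public key is the identity.
func (s *Server) Verify(c string, pub ed25519.PublicKey, sig []byte) bool {
	if !s.pending[c] || len(pub) != ed25519.PublicKeySize {
		return false
	}
	delete(s.pending, c) // single use: a captured response cannot be replayed
	return ed25519.Verify(pub, []byte(c), sig)
}

// Respond is the phone side. Assumed: seed = HMAC-SHA256(master, domain), Ed25519.
func Respond(master []byte, c string) (ed25519.PublicKey, []byte, error) {
	u, err := url.Parse(c)
	if err != nil || u.Hostname() == "" {
		return nil, nil, fmt.Errorf("challenge %q has no domain", c)
	}
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(u.Hostname()))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil))
	return priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, []byte(c)), nil
}
func main() {
	s := &Server{pending: map[string]bool{}}
	c := s.Challenge("https://login.example.com/auth") // constructed URL
	pub, sig, _ := Respond([]byte("constructed master secret"), c)
	fmt.Println(s.Verify(c, pub, sig), s.Verify(c, pub, sig)) // true false
}
```

Because the key is derived from the domain, the same master secret presents the same public key on every visit to one site and an unrelated public key to any other site, so no secret is shared with or stored by the server.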