Mastodon

Face ID

A 2-post collection

Face ID Stinks

I've been gradually coming to this conclusion of my own free will, but Phil Schiller's comments last week [https://www.cultofmac.com/518009/phil-schiller-says-face-ids-competitors-stink/] finally cemented it for me: Face ID stinks. I wrote about the security implementations of Face ID [https://www.troyhunt.com/face-id-touch-id-pins-no-id-and-pragmatic-security/] just after it was announced and that piece is still entirely relevant today. To date, we haven't seen practical attacks against it th...

Face ID, Touch ID, No ID, PINs and Pragmatic Security

I was wondering recently after poring through yet another data breach how many people actually use multi-step verification. I mean here we have a construct where even if the attacker has the victim's credentials, they're rendered useless once challenged for the authenticator code or SMS which is subsequently set. I went out looking for figures and found the following on Dropbox: > "less than 1% of the Dropbox user base is taking advantage of the company’s two-factor authentication feature": htt...