The modern regulatory landscape frequently mandates the collection and retention of Personally Identifiable Information (PII) and other sensitive information. Financial institutions, in particular, must adhere to Know Your Client (KYC) and Anti-Money Laundering (AML) regulations. However, current regulations may lack prescriptive guidelines for data protection, leaving organizations vulnerable to breaches. This article presents additional data protection techniques that can supplement existing regulations, rather than replace them entirely.
Written on April 14, 2023
If you haven’t read I Have a Password System, and you don’t feel confident with how you manage your passwords, I recommend reading that before you come back to read the rest of this. Two Factor Authentication (2FA) is when access to something is protected by more than just one factor of authentication, for example a password. When you use a username and password, as well as an additional factor of authentication, such as a code you receive via email or SMS, you’ve got yourself Two Factor Authentication (2FA). If you had more than two factors, technically that would be Multi Factor Authentication (MFA), but the two terms are usually used interchangeably, and I’ll just refer to it as 2FA going forward.
Written on November 1, 2022
Even though passwords are one of the most common and basic types of security mechanisms, few understand what makes a good password and how to deal with password management. I frequently come across individuals who have a “password system” they came up with. Usually they don’t reveal how it works exactly, but they proudly profess that they don’t need to remember all their passwords because they “modify” their main password based on the service it’s used for. Although to many this seems like a good practice, it is unfortunately a recipe for disaster, and the intuition as to why this doesn’t work isn’t immediately obvious. It’s better than using the same password verbatim, but not by a lot.
Written on October 11, 2022
How much damage can a malicious actor do by getting someone to click on a link? This blog focuses on exploring the different vectors of attack, across a number of browsers, to establish whether clicking a link is enough to result in compromise of a computer, and to further explore how severe the compromise can be.
Written on October 8, 2022
I’m here to tell you that visual programming, and diagrammatic reasoning in particular, is a formidable tool-set if used the right way. That is, it only seems to work well if based on a solid foundation rooted in mathematics and computer science. We already abstract our code in order to make it easier to handle — doing it using visual methods such as diagrams is just another way of achieving this.