"> opsec – Terence Eden’s Blog
[go: up one dir, main page]

Psssst! Your date of birth can be a random number!


A graphic of a calendar showing the date "February 25 Sunday"

For lots of online accounts, a date of birth is nothing more than a very weak second factor. The majority of places aren't checking your identity, cross-referencing your birthdate, and personalising your experience based on your Zodiac sign. At most, they'll wish you a happy birthday and / or let you recover your account by […]

Continue reading →

There's nothing you can do to prevent a SIM-swap attack


Photo of a nano SIM card and its plastic housing.

It is tempting to think that users are to blame for their own misfortune. If only they'd had a stronger password! If only they didn't re-use credentials! If only they had perfect OpSec! If only...! Yes, users should probably take better care of their digital credentials and bury them in a digital vault. But there […]

Continue reading →

Who can I hire to hack me?


GitHub screenshot "Insert your security key Press the button on your security key device to finish signing in. If it does not have a button, just re-insert it."

I use a password manager. I have 2FA set up on everything. When an organisation asks me to set a recovery question, I generate a 32 character passphrase. I don't use my mother's maiden name or my first pet's birthday on anything sensitive. I monitor my email addresses for breaches, and I regularly check my […]

Continue reading →