BC TECH
Saved by @zmbnski
Paul Stamatiou \U0001f4f7
Paul Stamatiou 📷
@Stammy 3 months, 4 weeks ago 135 views

Just published 15,000+ words on security keys. 🔐📱💻

With SIM attacks at their highest, now is a great time to take a closer look at your online security.

Removing SMS from your two-factor auth is a start, but authenticator apps have downsides too...

https://t.co/Dk0MPJHL2V

 Just look at these headlines from recent SIM swap and port attacks.

It's all too established for attackers to find ways to socially engineer control of your phone number and start gaining control of your accounts.

I first talk about some general security tips.
Unfortunately not all websites let you remove your phone number from accounts.

You may consider migrating your phone carrier to @googlefi , which requires email account access to do anything (and can be locked down with security keys and even Advanced Protection)
Beyond SMS, I talk about issues that TOTP authenticator apps (the code generators) have as a form of two-factor auth. They're so, so much better than relying on SMS for your second factor but they still have issues like utilizing shared secrets and lacking phishing prevention.
Enter security keys!

Utilizing public key cryptography they don't have any shared secret between the client and the server. They prevent phishing by taking the website domain into account.

Even if you get tricked by a clone phishing website, your key won't.
Keys have been around for a while under various names and technologies. Recently it was FIDO U2F + CTAP1 but now we have FIDO2 WebAuthn with CTAP2..

It's all very confusing...
Security keys are great for two-factor auth but FIDO2 has a vision for more: support for platform authenticators (like fingerprint readers and other biometrics) as well as being able to use them for "passwordless" authentication. https://t.co/qHI8n8x8m6
But this area is still nascent. Plagued by years of sub-par security key support across browsers. Things have been getting better in recent years with recently updated NFC support on iOS 13 but it's still a waiting game until things are made easier.
Which brings the question.. Why must I carry around an extra device just to be safe online?

You shouldn't. WebAuthn aims to change that.

But for now, security keys—combined with strong online security best practices—are a great way to fortify your regular online activities.
This article was so long (like all of mine) that I took the time to build this little fly-out table of contents browser 🤣
I also went out of my way to design these little security key icons in figma while I was writing this 😍 cc @Yubico

More from Tech

Advertisement
Cookie Cyboid
Cookie Cyboid
@CookieCyboid
“Why are Tumblr and Facebook cracking down on sex so much? And why is Facebook in so over zealous about it? It’s all Apples fault!” Etc etc

I can explain all. It is largely the fault of a set of US laws called SESTA and FOSTA.
TECH
John Horton
John Horton
@johnjhorton
What happens when a skill you have becomes obsolete? No, this isn't a R vs. Stata thread---it's a thread about a working paper w/ @sonnytambe!
https://t.co/w6nLf1tnST


The skill we look at is Adobe Flash, which @apple decided to no longer support back in 2010, which in turn caused demand/interest to plummet, as measured on @StackOverflow and in online labor markets, one of which is our empirical context


Despite the big fall-off in Flash jobs posted, very little else appeared to change in the market for Flash skills: wages for Flash jobs didn't fall, jobs didn't become easier to fill & openings weren't inundated with out-of-work Flash programmers


What happened was that (a) new entrants stopped specializing in Flash and (b) at least some existing Flash specialists started moving to other skills. In short, the demand shock quickly became a supply shock


At the level of the individual Flash worker, using a matched sample, we find (a) no fall-off in their wages, (b) some decline on-platform hours-worked. The most-focused on Flash workers had substantial increases in application intensity and a movement towards new skills
TECH

You May Also Like

ashkan soltani
ashkan soltani
@ashk4n
BREAKING: @CommonsCMS @DamianCollins just released previously sealed #Six4Three @Facebook documents:

Some random interesting tidbits:

1) Zuck approves shutting down platform API access for Twitter's when Vine is released #competition


2) Facebook engineered ways to access user's call history w/o alerting users:

Team considered access to call history considered 'high PR risk' but 'growth team will charge ahead'. @Facebook created upgrade path to access data w/o subjecting users to Android permissions dialogue.


3) The above also confirms @kashhill and other's suspicion that call history was used to improve PYMK (People You May Know) suggestions and newsfeed rankings.

4) Docs also shed more light into @dseetharaman's story on @Facebook monitoring users' @Onavo VPN activity to determine what competitors to mimic or acquire in 2013.

https://t.co/PwiRIL3v9x
TECH
f1talks.pl
f1talks.pl
@f1talks
Oleg Karpov pisze, że gdyby Siergiej Sirotkin zdobył w pierwszej części sezonu więcej punktów od Strolla, to jego kontrakt z automatu zostałby przedłużony na kolejny sezon. Tak się nie stało i Williams ma możliwość szukania innych opcji i to właśnie robi. #F1pl

Czego w artykule brakuje, to informacji, że SMP prawdopodobnie przekazało Williamsowi część środków na sfinansowanie sezonu 2019. W przypadku zakończenia współpracy ekipa z Grove będzie musiała zwrócić te środki. #F1pl

To tłumaczy wysokie kwoty jakich Williams ma oczekiwać za fotel od nowego kierowcy. Jest pewnie próg opłacalności i dopóki nie zostanie osiągnięty, to zmiana z finansowego punktu widzenia nie będzie się zwyczajnie opłacała. #F1pl

Tyle można znaleźć w oświadczeniach prasowych... 😂😂😂
SPORT
Advertisement
Advertisement
Erik Torenberg
Erik Torenberg
@eriktorenberg
1/ Someone emailed me asking how to break into VC, so I wanted to answer on Twitter where others could see and contribute to the conversation.

2/ “Being a VC” can mean a lot of different things, so it’s worth asking:

What actual activities do you want to do?

- Deep market analysis?
- Be in the flow of information and people?
- Make deals?
- Work closely w/ founders over time (e.g take board seats?)
- Manage capital?

3/ It’s worth specifying what type of VC you might like to become — as there are different archetypes. E.g.

- Benchmark (Lead series A/B - couple investments a year)
- First Round (Lead seed rounds, partner w/ a few companies a year)
- SV Angel (Make lots of seed investments)

4/ Continued:

Expa - Incubate companies

YC / Village Global - Build a platform to help entrepreneurs at scale

Do you want to join a firm or start one? There’s a lot to consider.

Different paths will require different skillsets & sets of experiences.

5/ Since the person who wrote the email is a young person trying to break into VC by joining a firm (and who doesn’t want to start a company), I’ll tailor this tweet storm to that goal. There’s some overlap.
STARTUPS
Simon Wardley #EEA
Simon Wardley #EEA
@swardley
X : Our executive team is concerned that we need to up our game in order to out innovate Amazon.
Me : Do you map?
X : Yes
Me : Like this?
X : No. What's that?
Me : A map of a tea shop.


X : Why is that a map?
Me : Long story, all to do with how space has meaning. To keep it short, maps help people to focus on user needs, the components involved, to communicate missing components and scenario play ideas like staff becoming robots.


Me : They’re also good for measuring and managing capital flow, making investment decisions, removing bias and getting rid of duplication.
X : I don’t see how that helps with innovation?


Me : Well, innovation is a tricky word because we use it to describe many things. If you’re talking about differentiation with the adjacent unexplored then you’re experimenting in the “uncharted” space e.g. immortality with magic provided by the special custom built kettle.


X : That sounds like nonsense.
Me : A lot of what people think will be the next great innovation is nonsense. Actually, most of it is. That’s the nature of the uncharted space, it’s experimental, high risk and generally results in failure.
X : We need more reliable innovation.
TECH