AliceBob&Eve - A blog about software security, specifications and fuckups.

Latest entries

  • 2nd Factors, an overview about Fido, OATH and One-Time-Pads

    I felt like upgrading my YubiKey to a USB-C version and used that opportunity to dive a little bit deeper into the different OTP specs and how I want to use my second factor. Still falling down the rabbit hole, but here is some kind of overview of FIDO2, U2F, OATH-HOTP, Yubico OTP and others…
    (~ 9 minutes reading time)

  • Don't use security questions!

    The railway company Deutsche Bahn just added security questions to their booking application, or at least it bothers me to add some. It’s 2019 and we all should know by now that this kind of measure weakens security. Let’s see why…
    (~ 7 minutes reading time)