Brenna Lenoir's Blog Posts

• March 26, 2012

  Stupid Password Reset Procedures

  I couldn't agree more with Rik Ferguson and Davey Winder - the password reset process is stupid. Worse than being stupid, it is often the loophole in good account security. We recently demoed how easy it is to guess or search for the answer to someone's password reset question at RSA. Players were given a series of typical password reset questions and access to a standard social profile page. We didn't even think to ask something as simple as birthday but I can tell you we should have brought more gift cards and prizes because just about everyone could guess or search the answers with about a 90% hit rate.

  Read More

• September 27, 2011

  Passwords That Say “Hack Me”

  Ian Sherr of Dow Jones Newswires in San Francisco just published Beyond the Password in The Wall Street Journal. Sherr's article focuses on the vulnerabilities of passwords and the necessity of augmenting password protected accounts with two-factor authentication. I couldn't agree more with Sherr's assessment.

  Read More

• September 13, 2011

  Salesforce Demos TeleSign’s Two-Factor Authentication

  Last week I had the pleasure of attending Dreamforce in San Francisco, where Salesforce demoed TeleSign's Two-Factor Authentication. Demoed by Chuck Mortimore, Salesforce's Product Management Director for Security and Identity, two-factor authentication provides Salesforce users with higher levels of account security.

  Read More