Jessy Irwin on Online Security

Description

While in San Francisco, I had the privilege of spending some time with Jessy Irwin to discuss all things security. Lately, with a rash of security breaches, I've become concerned about how safe I've been online. I knew there were some things I could do personally and as a developer to be more secure, but thought I should check in with someone who knows tons more than I. Jessy did not disappoint! Thankfully, I received the scolding I needed (and deserved) regarding some of my more insecure online practices, along with some tips to become a more secure developer. I hope you enjoy our conversation as much as I did!

Tag:

Security

    The Discussion

    • chdft

      Until now, I have thought of compartmentalization only as a privacy-related measure, so this interview was quite inspiring.

      However, this raises a question: Is there a recommended practice for handling single sign-on services (like Microsoft Account, etc.) that push you to only use one account?

      PS: I think you forgot to link https://twofactorauth.org/

    • Jessy

      This is a great question! For Single Sign On services, it is important to be aware of how accounts can be linked together. I recommend using a very strong password (long, random, unique... preferably generated by your password manager), turning on two-factor authentication for that service, and keeping notes in the password manager about the services you've authorized to rely on those credentials. Once every quarter, I go in and review accounts that are linked to SSO services, especially anything connected to a social media account or a service tied to my identity for email, and I nuke anything that hasn't been used in a few months, anything that looks weird, or anything I know I have not used in a while. Because all of your eggs are resting in one SSO basket, so to speak, it's best to review this regularly and stay on top of the credentials. Because they can be linked to so many places, they're high-value targets for sure.

      If you're wanting to use SSO, but also maintain anonymity or a separate identity, just make sure that the streams of your real identity and your anonymous handle never cross.
