Jessy Irwin on Online Security

36 minutes, 20 seconds


While in San Francisco, I had the privilege of spending some time with Jessy Irwin to discuss all things security. Lately, with a rash of security breaches, I've become concerned about how safe I've been online. I knew there were some things I could do personally and as a developer to be more secure but thought I should check in with someone who knows tons more than I. Jessy did not disappoint! Thankfully I received the scolding I needed (and deserved) regarding some of my more insecure online practices along with some tips to become a more secure developer. I hope you enjoy our conversation as much as I did!

 


Follow the discussion

  • Until now, I have thought of compartmentalization only as a privacy related measure, so this interview was quite inspiring.

    However this raises a question: Is there a recommended practice for handling single sign on services (like Microsoft Account, etc.) that push you to only use one account?

     

    PS: I think you forgot to link https://twofactorauth.org/

  • Jessy

    This is a great question! For Single Sign On services, it is important to be aware of how accounts can be linked together. I recommend using a very strong password (long, random, unique... preferably generated by your password manager), turning on two-factor authentication for that service, and keeping notes in the password manager about the services you've authorized to rely on those credentials. Once every quarter, I go in and review accounts that are linked to SSO services, especially anything connected to a social media account or a service tied to my identity for email, and I nuke anything that hasn't been used in a few months, anything that looks weird, or anything I know I have not used in a while. Because all of your eggs are resting in one SSO basket, so to speak, it's best to review this regularly and stay on top of the credentials-- because they can be linked to so many places, they're high-value targets for sure.

    If you're wanting to use SSO, but also maintain anonymity or a separate identity, just make sure that the streams of your real identity and your anonymous handle never cross.
