When it comes to authentication, multi-factor authentication is the name of the game. We’ve spilled a lot of digital ink on the topic previously, and using a combination of some things that you know, are or have can help massively to secure your online accounts. However, mishandling multiple methods of authentication can actually make you more vulnerable than if you were just using the one method—you can end up with ‘below-one’-factor authentication, and nobody wants that.

In the first part of this series, we talked about the ideas behind Software-as-a-Service (SaaS) offerings and the distinction between such products and what the Free Software Foundation calls Service-as-a-Software-Substitute (SaaSS) products—i.e., software that does not necessarily have to be hosted remotely, but is.

In this series, we are looking through the Unified Kill Chain. In the first part, we looked at what came before the current model. In the second, we looked briefly at the entire chain. In this part, we will look in-depth at the first stage: Initial Foothold.

Passwords are as naff as they are incredibly prevalent. The death of passwords has been predicted many times over the years, for example by some guy called Bill Gates way back in 2004. Clearly, predictions are a risky game, but recent developments suggest that we may, actually, honestly, finally be about to see the death of passwords—they shall certainly not be missed, if so. In this article, we will look at the newly-minted WebAuthn standard for Web authentication, and what it may mean for authentication.

In this series, we are looking through the Unified Kill Chain. In the previous part, we looked at two previous attempts to model the behaviour of a cyber attacker. Both were ultimately flawed, and in this part we will introduce a third proposed model which combines the best of both: the Unified Kill Chain.