-
Listen Now
EPISODE 484
Broadcast Date:
April 9, 202514 minutes
Podcast Apr 09, 2025Root Causes 484: Multi Good Factor Authentication
We define multi good factor authentication, which is the idea that not all authentication factors are equal. We discuss the importance of considering authentication strength and the contextual nature of trust.
-
Learn More
The all-or-nothing cybersecurity fallacy: why progress matters
Blog Post from Sectigo
Blog Post Mar 03, 2025Cybersecurity isn’t all or nothing. Incremental improvements, like automation and shorter SSL/TLS lifespans, reduce risk and strengthen defenses.
-
Listen Now
EPISODE 470
Broadcast Date:
February 19, 202512 minutes
Podcast Feb 19, 2025Root Causes 470: The MFA False Equivalency Fallacy
Not all forms of MFA are equally secure. In this episode, we describe the differences between the more secure and less secure forms of MFA.
-
Learn More
Cybersecurity basics: passwords, MFA, phishing & software updates
Blog Post from Sectigo
Blog Post Oct 04, 2024Despite years of awareness, basic cybersecurity practices like strong passwords, MFA, and phishing alerts are still essential in our fast-paced world.
-
Listen Now
EPISODE 421
Broadcast Date:
September 16, 20248 minutes
Podcast Sep 16, 2024Root Causes 421: FIDO 2 Implementation Problems
White hat researchers have raised concerns about FIDO 2 (AKA WebAuthn). We explain.
-
Listen Now
EPISODE 382
Broadcast Date:
April 29, 202412 minutes
Podcast Apr 29, 2024Root Causes 382: Mobile Phone Malware Steals Faces for Access
New malware photographs users' faces to defeat authentication mechanisms. Biometrics are not "secrets."
-
Listen Now
EPISODE 335
Broadcast Date:
September 29, 202310 minutes
Podcast Sep 29, 2023Root Causes 335: When MFA Is Not MFA
A social engineering attack to steal a one-time password (OTP) to enable unauthorized access is further exploited by a cloud backup feature.
-
Listen Now
EPISODE 249
Broadcast Date:
October 21, 202210 minutes
Podcast Oct 21, 2022Root Causes 249: What Is MFA Exhaustion?
Recent high profile attacks that were enabled by defeating MFA. We explain the concept of MFA fatigue and why it is an enabler for these attacks.
-
Listen Now
EPISODE 245
Broadcast Date:
September 29, 202210 minutes
Podcast Sep 29, 2022Root Causes 245: One Time Passcode as a Liability
A recent article from Brian Krebs advances the idea that using OTP MFA may actually be a liability to security. We explain that reasoning.
-
Listen Now
EPISODE 220
Broadcast Date:
May 2, 202214 minutes
Podcast May 02, 2022Root Causes 220: The Difference Between OTP and Passwordless
In this episode we clarify the difference between OTP services and passwordless authentication.
-
Listen Now
EPISODE 214
Broadcast Date:
April 5, 202211 minutes
Podcast Apr 05, 2022Root Causes 214: New DUO MFA Flaw Explained
A recent FBI warning cautions organizations about exploits based on misconfigured DUO MFA. We explain this exploit and why it is noteworthy.
-
Listen Now
EPISODE 164
Broadcast Date:
May 20, 202111 minutes
Podcast May 20, 2021Root Causes 164: Examining MFA Through out-of-Band Phone Calling
We explore out-of-band phone calling as a MFA method, including, what attacks it defends against successfully, and what attacks can circumvent it.