Designing Secure Systems

Designing Secure Systems takes a theoretical approach to information security. In this book, I introduce authorization theory, a way to analyze the security of any system based on its access, authorization, authorization, and authentication components. This approach enables you to model human process, physical, and cybersecurity systems with a single approach.

The Password is Dead.

Authenticating to remote services with only a password is a thing of the past. Modern attack techniques make theft and reuse of passwords simple, yet we continue to use them to secure pretty much everything. In this post, we will review the various risks associated with password authentication and discuss what can be done to improve our security posture.