RT @WeldPond: "Password expiration requirements do more harm than good, because these requirements make users select predictable passwords"….

is back up and generating molecular wallpapers again after months of downtime. Sorry about that, life got a bit crazy.

While this might have nothing to do with the latest "sophisticated cyberattack" that you came under @easyJet, I sent you an e-mail and several DMs about this and absolutely nothing was done. I can't help but wonder, were there similar warnings this time?.

Sign in link up top there too, for anyone to fiddle with that happens to be sitting between the user and your server. Honestly really frustrating. @troyhunt wrote on this all the way back in 2017.

When you inevitably announce that you take customer security "extremely seriously" in response to this latest "sophisticated cyberattack" do you mean seriously enough to not ask for surnames and booking numbers on a form served over an unsecured connection?

RT @irisyupingren: Vote here:

#5233 @computermuseum Science, yeah! @irisyupingren.

RT @alexbloor: WHAT THE SHIT. Seriously, I didn't realise the utter amazingness of this on the day when Marek sent it. If you use their….

FM'19 was amazing!

If you follow me and don't yet follow @cybergibbons you should definitely do so. Consistently awesome stuff.

RT @bcrypt: hate to post about personal stuff but tl;dr i had to kick a friend out of my life tonite bc they were not respecting boundaries….

Me, a password security researcher, hiding under the bed:. Armed robber: . Me: . Armed robber: . Me: . Armed robber: Enforce password length over password complexity. Me: ACTUALLY THERE IS NO IDEAL PASSWORD POLICY IN ALL ENVIRONMENTS, THREAT MODELLING IS ESSENTIA- oops. .

I don't blog much, but in light of the recent @virginmedia tweet about *printing out passwords and popping them in the post* (still can't believe I'm typing that) I thought I'd post this here:

Absolutely wild that you store passwords unhashed, then *print them on a piece of paper* and put them in the mail. This can't be real.

Go to check my account balance on my phone, get nervous, hands get clammy, fingerprint not recognised, calm down a bit, go to check my account balance on my phone, get nervous. .

RT @SarahJamieLewis: Can't wait for a cryptocurrency with the ethics of Uber, the censorship resistance of Paypal, and the centralization o….

Really enjoyed delivering my talk at @OfficialTDFCon on malicious JavaScript encoded as zero-width whitespace characters! The blog post is up now:

RT @troyhunt: This in no way makes any sense whatsoever @ServiceNSW