Thanks to my former publisher, Addison-Wesley nee-Pearson Education, I can post several chapters of my favorite writing project: Authentication: From Passwords to Public Keys. I'm including these chapters as material for the Cloud Cybersecurity course I'm doing at the University of Minnesota for Coursera. The book was published in 2001, and it's based on solid,...

Political campaign security

Maciej Cegłowski has published a long, practical, insightful, and witty article on his experiences with political campaign security. He wisely focuses on a handful of steps to narrow the attack surface with the fewest tools and techniques. This should be a Coursera course, or a series of short videos.

Design Patterns for Identity Systems

These are design patterns in the Christopher Alexander sense rather than the object-oriented design sense: they address the physical and network environment rather than focusing on software abstractions. The patterns were introduced in my book Authentication. There are four patterns: local, direct, indirect, and off-line. Here is a brief description of each authentication pattern:...
