Latest articles

Universal 2nd Factor (U2F) is an open authentication standard originally developed by Yubico and Google and now hosted by the FIDO Alliance. Security devices with U2F support allow you to use two-factor authentication more easily since they contain a secret key that provides a second factor only by pressing the device’s button. You don’t need to manage more credentials.

We already compared the YubiKey 4C and Nitrokey Pro that offer more features than only U2F. In this article, we compare the Yubico Security Key and Nitrokey FIDO U2F. Both tokens offer similar features and come with support for U2F.

Read more

Some readers asked which WordPress theme we use. The simple answer: We do not use WordPress at all. WordPress and other big content management systems (CMS) like Joomla or Drupal are extremely overpowered for personal blogs and smaller projects like our InfoSec Handbook blog. In this article, we give a basic introduction to the static site generator Hugo and discuss security issues of CMS.

Read more

In the second part of this series, we showed you how to harden your web server software. In this part, we introduce TLS cipher suites, talk about OCSP and show you additional security-related HTTP response headers.

Read more

In the first part of this series, we showed you how to harden your server by configuring your firewall and SSH. In this part, we show you how to secure your web server software.

Read more

Secure crypto, secure passwords, secure messaging, secure e-mail, secure browsing—we see ‘secure something’ everywhere, but no one defines this term. On closer inspection, ‘secure’ even becomes a catchword most of the time. We discuss these examples in this article.

Read more