Secret Questions for password reset

Secret questions as credentials for online account authentication are simply a bad idea in my view: I have never seen them done well, often seen them done atrociously, and my most generous assessment would be that they are extremely hard to do well. [Read More]

Trusting AI

Whenever considering applications that rely on generative AI, I believe we always need to ask if we can trust it. And given the technology’s track record, it’s hard to imagine how we are going to honestly be able to say “100%” any time soon. [Read More]

Trusting AI

(220 words) June 2024 – Loren Kohnfelder

Whether or not this unscientific test is reliable, asking generative AI if a mushroom is safe to eat — it misclassified a highly toxic variety that looks like a common edible one — is a terrible idea if you are prepared to eat according to what it says. [Read More]

Further security discussions

(500 words) May 2024 – Loren Kohnfelder

This article is a continuation of Better Security Discussions. This analysis can be extended by considering potential mitigations for additional threats. [Read More]

Better security discussions

(900 words) May 2024 – Loren Kohnfelder

We understand software security best through specific threats and mitigations, articulated by threat models shared openly. [Read More]