NIST Recommends SMS Two-Factor Authentication Deprecation

This is an intriguing draft document by NIST concerning SMS and two-factor authentication.  This is a commonly used technique for many two-factor providers so conversion to more secure methods may take time.  This is certainly not a finalized recommendation and adoption will take time if it moves forward.

LastPass password manager “zero-day” bug hits the news

This is a very good, common sense explanation of the “zero-day” vulnerability that has been discussed in the press for the popular password manager LastPass.  I agree that caution is warranted, but I do not believe it is time to wholesale abandon the product or the use of password managers in general.  Watch for the patch and apply as soon as possible.