Yah some good points made but the problem is always going to be the end user and I think its our jobs as security people and websites to educate their user by explaing why they need to do somthing rather than forcing them or telling them.

Big companies have the money to educated their user but who is training home user  and until we break this where home user are gettign educated security is alway going to be a hugh issue. As home user are taking their bad habbits to work with them and its just a circle.

Many of the banks in the Uk do use devices for authentication but how of the banks really explained why they are using them. I think if you said to anyone this device will help reduce the change people can get access to your money most people would want the device. Instead banks just send the device and say you must use this so people see it as a pain and dont really understand why.

Hi All,

Why are so many companies finding it hard to have a good way for end user to login to their account?

Recently in the news there have been a few passwords leaked where companies cant even do the basic of encrypting passwords and adding some salt to them. A lot of sites still wont let you add symbols and dont allow over 40 char passwords. Many comapnies still force you into using number and letter and that is it. In this day and age why is every site not using two way authentication?

For me I dont see why everyone is not using two way authentication it seem like more seucre way to go. Dont get me wrong within time this maybe broken but at the moment its the best thing we have.

There are lots way to set it up you can using a mobile like Paypal, online banks and other companies are using. There are also even yubico that are not expensive that can be used for two way authentication.

Do you think its time we moved to a two method authentication system for every website nd every system  we use ?

something I have, and somthing I know is the way to go !!

There are lots great books it really does depend on what area you want to go in.

The coders one is ok I would say maybe learn one lan like python.

I would also try do few course too if you can afford it and start a project that give you stuff to talk at any interviews.

Go to cons and meet people too.

Yah it took me while to get it downloaded

Yah that would be good idea of location and if you willing to relocate also are you looking to join a company of work freelance ?

I am not a big fan of reading so the only books I read are security related books.

Sounds like a good read will have to take a look when i get some time thanks

Yes there are lots new things with wireless you can do setting up rogue access points and wps attacks using reaver.

google is your friend!! as stated you need to edit the config to make sue set points to where the metasploit install is.

just sudo vi set_config there should be a comment
#path to metasploit


make sure under this it has the correct path to where metasploit is install on bt

I asked about 2 months ago the code is only valid on the pro version and its the full payment option you cant use the code on the monthly payment.

hmm yah CISSP is mot well know security related cert but I think it not really a cert for pen tester as it too generic .

Thanks will find it useful need to have a  read of it

I total agree there are lots good tutorials on cracking wep and wpa. I not saying don't produce more but you need to make them simple to access and explain them so they are simple.

Cool thanks will have a look at it