How to write a good phishing e-mail

When we were working on the project that required all 45,000 IT accounts on campus to change their password yearly, we had to craft a series of reminder e-mails that the looming deadline was, well, looming. The content was simple enough: tell users their password is expiring; tell users where to go to change their … 

 

Why we age passwords

In my previous blog post, I talked about the password standard at the University of Calgary. The password standard dictates that passwords on our users’ IT accounts must follow certain rules. Notably, length and complexity, but also that they must be changed once a year. In the same blog post I also mentioned that I … 

 

Shibboleth: authentication of the future

For over a decade, the University of Calgary has used a piece of software called the Central Authentication System, or simply CAS. CAS is a fairly simple concept: it is a single sign-on provider, which means that if you're logging into a web application, you just need to enter your credentials once and you're good. Any … 

 

Yes, I know our password policy sucks

In 2014 I built the Password Management system for the University of Calgary. The largest feature of the tool is the ability to change your own password, and to change your password you have to follow our password standard (we don’t say password policy around here, for the same reason computer scientists don’t call themselves … 

 

On Confirmation vs Undo (in Web Applications)

This is a well-discussed topic and nothing groundbreaking here, yet today I was in a situation where the group was so accustomed to confirmation boxes they almost seemed to crave them. Let’s say you were deleting a record from a database. This is a really scary operation, so we should ask the user if … 

 

Readable Design Documents

Anyone ever read branding guidelines? If you pasted someone else’s logo on your website or referenced a product by name, you should probably have read their branding guidelines. Unfortunately, most branding guidelines come in the form of multi-page PDFs that outline strict rules about where you can use their logo, how you can use their …