It took me a while but I finally found someone that had solved this. I am linking the solution. However, typing in a password and following it up with the one-time-password (OTP) is *extremely* user unfriendly. Anything that is hard to do to make better security actually makes worse security. Instead my approach protects the private keys with a password, and you then only use the OTP as the user’s password each login. So, here is the process. Assuming you have pivpn already installed and working with an OpenVPN configuration. Install google authenticator on the pi: sudo apt-get install libpam-google-authenticator Edit your openvpn server configuration: sudo nano /etc/openvpn/server.conf and add plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn (to use google authenticator) and reneg-sec 0 (to not reconnect every x minutes as the password changes[…]

Much of the focus in recent news is on attacks on retailers and the financial industry. It is easy to see the results of these money-motivated attacks in the form of large thefts of money or credit cards. As a result, it may surprise you to know your health care information is under attack. You are mistaken if you think that HIPAA’s data security protections are working to protect it. Health care organizations are not meeting the security table stakes. By rushing to implement electronic health records without minimum viable security, health care organizations are leaving the door wide open for criminals. How Bad Is It? A recent study by the Ponemon institute revealed that 94% of medical institutions have[…]

How do you buy groceries? Do you buy based on brand, what you know? Do you consider the price? Or do you have someone else handle it for you? Making An Investment While routine, groceries aren’t expensive. When we consider larger investments, however, the calculus changes. Most hesitate a bit when buying a new computer or tablet. We’d want to make sure the system meets our requirements and we’re not paying too much. Since they are a commodity item, you can shop around without difficulty. Buying a car or a house requires more time to be spent in the due diligence process. At some point it becomes less about “buying” and more about “making an investment”. Smart entrepreneurs consider their exit.[…]

Around this time of year, many of us are filing–or procrastinating about filing–our taxes. So you finally get around to filing your taxes, and your return is rejected because someone has already filed for that social security number. Uh-oh! What now? You know you haven’t filed your taxes already, and you’ve double checked your social security number to make sure you typed it in right. Then you find out your worst fear is true: someone else has already filed a tax return using your social security number – otherwise known as IRS Tax Return Fraud. Immediate Actions To Take There are three things you need to do as soon as you can: First, file a police report for identity theft.[…]

Water is critical to life. Many sources suggest drinking more water can lead to better health. And yet I’m sure you heard the story of the woman who died as a result of drinking too much water during a radio station contest in 2007. Water intoxication results when our water intake and water losses are grossly different. The levels of electrolytes in our system can get out of balance, causing basic functions of our body to cease operating. Too much of a good thing–even water–can be bad. Minimum Effective Dose A minimum effective dose or MED, as described in effective dosage of pharmaceuticals, is the smallest dose that will produce an effective outcome. Think of acetaminophen, the main ingredient in[…]

While the headlines are dominated with tales about recent breaches at Target, Neiman Marcus, and others, those businesses will survive. What about smaller companies? Turns out that just last year, two separate title and escrow companies have had to shut their doors after suffering cyber attacks. Leaked emails from a small regional bank resulted a successful theft of money from a client. And thieves are using the access that small accounting and financial management firms have to individual and corporate bank accounts to steal hundreds of thousands of dollars. What do these incidents all have in common? They are all financial industry firms. And they are all relatively small. Most of them neglected to provide even the minimum viable security[…]