WHY SECURITY MATTERS? (or LET’S START A ‘PASSWORD SPRING’ ! )
You would be forgiven for thinking that perhaps most people have become somewhat nonchalant about online security and that the prevalence of hacks has made most of us somewhat immune to the dangers.
Indeed I would say that some sites have become almost cavalier about their attitude to their member’s security. The recent hacking of LinkedIn certainly did not elicit the kind of response I would have expected, indeed hoped for, as a member. I get the impression that it was something of an irritant that they hope won't come again – and are certainly not bothering with beefing up security. Far too much hassle.
So is their reaction reflective of their members lack of interest – I think not, as one of their members has tried to sue them for failing to provide adequate security. (http://articles.latimes.com/2012/jun/21/business/la-fi-tn-linkedin-5-million-hack-20120621) LinkedIn have said that they will salt their passwords in future to make them more secure. This is industry standard that they should have done in the first place.
The reality is that reliance on passwords ( salted, hashed or plain ! ) is fundamentally useless against the strength of the tools available to hackers today. So why do so many sites continue to rely on them. ? And why do corporations continue to use them for allowing access to their networks. ?
Do we need the Cyber equivalent of 9-11 to wake everyone out of their stupour ? God forbid that should happen. Maybe it will take some form of regulatory action to force sites that carry any personal or financial data to use at least two factor authentication; and they should be fined if they continue to rely on just passwords for ‘security’. Perhaps the regulation should only apply to sites of a certain scale – perhaps over one million members then it becomes mandatory.
I don’t know the answer – what I do know is, that as someone who has my credit card and personal information on more than one site out there – I am very unhappy with the woefully inadequate measures that those sites have in place to protect me and my data. It needs to change.
If you agree then add your voice and maybe if enough people make enough noise something will happen !! This may be the beginning of a ‘password spring.’ ;-) Power to the people. !
Comments
Post a Comment