WHY SECURITY MATTERS? (or LET’S START A ‘PASSWORD SPRING’ ! )


You would be forgiven for thinking that perhaps most people have become somewhat nonchalant about online security and that the prevalence of hacks has made most of us somewhat immune to the dangers.   


Indeed I would say that some sites have become almost cavalier about their attitude to their member’s security.  The recent hacking of LinkedIn certainly did not elicit the kind of response I would have expected, indeed hoped for,  as a member.   I get the impression that it was something of an irritant that they hope won't come again – and are certainly not bothering with beefing up security.  Far too much hassle.  


So is their reaction reflective of their members lack of interest – I think not,  as one of their members has tried to sue them for failing to provide adequate security.  (http://articles.latimes.com/2012/jun/21/business/la-fi-tn-linkedin-5-million-hack-20120621)   LinkedIn have said that they will salt their passwords in future to make them more secure.   This is industry standard that they should have done in the first place.    


The reality is that reliance on passwords ( salted, hashed or plain ! ) is fundamentally useless against the strength of the tools available to hackers today.  So why do so many sites continue to rely on them. ?  And why do corporations continue to use them for allowing access to their networks.  ? 


Do we need the Cyber equivalent of 9-11 to wake everyone out of their stupour ?  God forbid that should happen.   Maybe it will take some form of regulatory action to force sites that carry any personal or financial data to use at least two factor authentication;  and they should be fined if they continue to rely on just passwords for ‘security’.   Perhaps the regulation should only apply to sites of a certain scale – perhaps over one million members then it becomes mandatory.  


I don’t know the answer – what I do know is,   that as someone who has my credit card and personal information on more than one site out there – I am very unhappy with the woefully inadequate measures that those sites have in place to protect me and my data.  It needs to change.  


If you agree then add your voice and maybe if enough people make enough noise something will happen !!   This may be the beginning of a ‘password spring.’ ;-)  Power to the people. !





Comments

Post a Comment

Popular posts from this blog

The End of Passwords

Finally it seems … the penny has dropped.   Passwords are a poor substitute for real online security.   There is more and more ‘chatter’ about it.    Robin Henry writing in the Sunday Times on New Years Day talks of the end of ‘password hell’ invoking solutions in the pipeline from the Web Gods – Apple and Google.  The talk is of new biometric solutions such as facial and hand movement recognition.  Even IBM is talking this way.  ( http://www.forbes.com/sites/thestreet/2011/12/20/ibms-tech-predictions-for-the-next-5-years/ )  I agree with the notion that passwords are a dying breed but not that biometrics will become vogue.   They are fraught with problems of their own such as reliability, accuracy and the need for referencing of data-bases ( fail !) .    Why are passwords defunct?   Basically they are difficult to remember and they are easy to steal.    The solutions needed are those that require no cognitive load for the user ( the most unreliable participant in this enterprise
Read more

WIKILEAKS - the fuss?

Why all the fuss ? Why the ‘outrage’ at this ‘threat to national security’ ?   Are we really worried that nuclear war is going to break out because of these ‘dirty’ secrets getting out.  As if the North Koreans are going to up the ante any more than their mock charge of last week because of the abuse and scorn heaped upon them by US Diplomats.  ? !    Come on. To me the irony of this bluster is that it is (largely) from the right wing establishment in the US - calling it treason!     Any party that parades a half wit like Palin as a presidential hopeful hardly holds any moral high ground when it comes to protecting the USA.   Her appointment as the ‘leader of the free World’ will be enough to send any level headed American ( let alone any one of their Allies ) into a panicky tailspin at the thought of what she may stumble into ( by accident or design) . So how did these documents get out there?   Poor security.  Plain and simple.   If the US is so worried about this incident su
Read more

HSBC EMBRACES OLD TECHNOLOGY IN ITS BATTLE AGAINST HACKERS

 If you live in the UK and are somehow involved in the business world and exposed to media you could not help but have noticed the extensive advertising campaign that HSBC has been running on its new (sic) ‘security device’ for online banking - Secure Key.    ( I was tempted to refer to them as  ‘ large UK bank’  - but it is so obvious who it is – no point in pretending. ) A lot of money has been thrown at this campaign – I would guess millions.  ( http://www.youtube.com/watch?v=Jx0Z5CiQMIw )   Full page spreads in large circulation newspapers cost big bucks not to mention prime time TV slots.   So here you have the worlds largest retail bank splashing millions on advertising and even more on a ‘cool’ little device that looks like a mini-calculator  - but basically a technology that has been around for about a decade.   This will be rolled out to 4m retail customers worldwide at a reported cost of up to £50 per pop! ( http://www.bankingtech.com/bankingtech/article.do?articleid=200002
Read more