Maybe we should utilize two-factor authentication when it comes to applications that need to be secure at this point. Also, Win8 comes with picture password, that may one way going away from character password.
I 100% agree with Michael, when dealing with the REAL bad guys, I seriously doubt they are trying to find out "Pete-from-accounting's" password they simply go for the database server and get everything they want.
For personal information, lets say trying to access someone's gmail account that would be the case but even then, installing a keylogger might be even easier.
I certainly find the frequency with which I am having to request a password re-set increasing. It's almost at the point where it's easier to change passwords every time than look for where I wrote them down.
You are correct in that many of the bad guys will want to steal the corporate database. However, there is a lot to mine that might not have made it to the database yet. Projects in process, private emails, notes and such still reside on user systems. There also is private info that resides on user systems.
The value of data is what someone will pay for it. Certainly the biggest win is when the attacker is able to access and steal the corporate database, but there is still incremental, and sometimes significant, value in data stored on users' machines.
I'll share an example. That of being required to change your password after a certain length of time. What do you think that accomplishes? Absolutely nothing.
To do any good, you would have to change your password everytime you log in. The bad guys find your password they need it for 10 seconds until they escalate rights or create their own user.
Cormick did the math and the time and money lost due to just messing with new passwords was quite a lot. Passwords work, for their intended purpose, keeping the curious out. The bad guys don't even bother.
So does that mean individuals and companies are spending too much unnecessary time focusing on 'secure' passwords, Michael? What is the answer, other than better security for the networks and databases themselves?
User passwords are not even a consideration for the bad guys. They moved to bigger and better things. Why mess with a user/password combination that has limited rights, when they can attack a vulnerable database server and get the keys to the kingdom and the entire database.
The issues surrounding user passwords are immaterial.
In the original post of this story, I incorrectly noted that sha512crypt is supported by Microsoft. It is not. It is supported by Linux, FreeBSD, and other similar distributions. My apologies for the error.
Also, due to an editing error, an incorrect link was supplied for Stricture Consulting Group. The company does not, as of this posting, have an active web site. However, Jeremi Gosney can be reached via Twitter at @jmgosney.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
As Mitch Wagner discussed today, Yahoo is acquiring Tumblr. The big Internet debate at the moment is whether Tumblr will be good or bad for Yahoo. Regardless of their stances on the future of Yahoo itself, many claim that Yahoo will somehow ruin Tumblr.
Has China stolen a march on the West, developing an Internet architecture that is not only based on IPv6, but is also inherently secure from both internal and external attack?
Recently, the Obama administration has been of two minds where privacy rights are concerned. On one hand, you have an administration that vowed to veto CISPA and mandated open data for government websites. On the other hand, you have an increasingly out-of-control Department of Justice on a fishing expedition at AP and demanding legislation to let the FBI wiretap private, encrypted communications and levy fines if a company fails to comply.
The apartment and house sharing service, Airbnb, now requires members to verify their identities by demonstrating a presence on the web, and by either scanning a government ID or entering detailed personal details. Other enterprises should take a close look at Airbnb's verification policies.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Subsidized handsets, rather than locked handsets, should be the focus of regulators. We're not getting good deals, not fostering innovation, and weakening our power as buyers.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
