Maybe we should utilize two-factor authentication when it comes to applications that need to be secure at this point. Also, Win8 comes with picture password, that may one way going away from character password.
I 100% agree with Michael, when dealing with the REAL bad guys, I seriously doubt they are trying to find out "Pete-from-accounting's" password they simply go for the database server and get everything they want.
For personal information, lets say trying to access someone's gmail account that would be the case but even then, installing a keylogger might be even easier.
I certainly find the frequency with which I am having to request a password re-set increasing. It's almost at the point where it's easier to change passwords every time than look for where I wrote them down.
You are correct in that many of the bad guys will want to steal the corporate database. However, there is a lot to mine that might not have made it to the database yet. Projects in process, private emails, notes and such still reside on user systems. There also is private info that resides on user systems.
The value of data is what someone will pay for it. Certainly the biggest win is when the attacker is able to access and steal the corporate database, but there is still incremental, and sometimes significant, value in data stored on users' machines.
I'll share an example. That of being required to change your password after a certain length of time. What do you think that accomplishes? Absolutely nothing.
To do any good, you would have to change your password everytime you log in. The bad guys find your password they need it for 10 seconds until they escalate rights or create their own user.
Cormick did the math and the time and money lost due to just messing with new passwords was quite a lot. Passwords work, for their intended purpose, keeping the curious out. The bad guys don't even bother.
So does that mean individuals and companies are spending too much unnecessary time focusing on 'secure' passwords, Michael? What is the answer, other than better security for the networks and databases themselves?
User passwords are not even a consideration for the bad guys. They moved to bigger and better things. Why mess with a user/password combination that has limited rights, when they can attack a vulnerable database server and get the keys to the kingdom and the entire database.
The issues surrounding user passwords are immaterial.
In the original post of this story, I incorrectly noted that sha512crypt is supported by Microsoft. It is not. It is supported by Linux, FreeBSD, and other similar distributions. My apologies for the error.
Also, due to an editing error, an incorrect link was supplied for Stricture Consulting Group. The company does not, as of this posting, have an active web site. However, Jeremi Gosney can be reached via Twitter at @jmgosney.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
The US National Security Agency learned the hard way that it can be dangerous to give a contractor too much money and access, with too little scrutiny. The NSA and other government agencies hire tens of thousands of contractors
a year to analyze data. Edward Snowden -- who revealed himself as the NSA leaker after fleeing the country -- was one such contractor, reportedly holding a $122,000 salaried position at Booz Allen Hamilton at the time of his departure.
Midsize businesses rarely achieve the same standards of security in their own datacenters as professional providers that specialize in delivering these services to organizations.
It was about 10 years ago when a new generation of software-as-a-service (SaaS) alternatives started to gain acceptance and adoption among organizations of all sizes. And it has only been about five years since Amazon Web Services captured the marketplace's attention with Amazon EC2 and Amazon S3, which opened the door to a vast array of infrastructure-as-a-service (IaaS) offerings. Now, the third piece of the cloud computing puzzle is beginning to win over organizations seeking to build their own apps: platform-as-a-service (PaaS).
Energy consumption is a primary contributor to global warming. At the end of 2012, 40 percent of energy consumption in the US came from commercial and residential buildings.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
