http://www.wired.com/opinion/2012/10/passwords-and-hackers-security-and-practicality/ By Markus Jakobsson Opinion Wired.com 10.18.12 Security is not just about strong encryption, good anti-virus software, or techniques like two-factor authentication. It’s also about the “fuzzy” things ... involving people. That’s where the security game is often won or lost. Just ask Mat Honan. We -- the users -- are supposed to be responsible, and are told what to do to stay secure. For example: “Don’t use the same password on different sites.” “Use strong passwords.” “Give good answers to security questions.” But here’s the troublesome equation: more services used = more passwords needed = more user pain ...which means it only gets harder and harder to follow such advice. Why? Because security and practicality are in conflict. But they don’t have to be. As someone who has studied millions of passwords and how they were constructed – I’ve spent most of my waking hours for over a decade obsessing about authentication methods – I say we can have both security and practicality. And it starts with recognizing that a lot of security advice hurts more than it helps. [...] -- CISSP and CEH Live OnLine training with ExpandingSecurity.com is the fastest, easiest way to master the relevant data you need now. Sign up for the free weekly PainPill and try a free class. It is easy. http://www.expandingsecurity.com/PainPillReceived on Fri Oct 19 2012 - 02:45:36 PDT
This archive was generated by hypermail 2.2.0 : Fri Oct 19 2012 - 02:39:39 PDT