Ignorance is far from bliss
It's frightening to hear about so many huge intrusions past authentication barriers. It's also discouraging when you realize that the issue comes from a simple case of ignorance on the part of those that guard sensitive information. In Cliff Stoll's The Cuckoo's Egg, a case is made to not leave the door open for strangers to walk in. We need to make sure that we are taking care of the things that need to stay behind a lock and key.
One major problem is that it's taboo to learn what strategies other people are employing to choose safe passwords. By keeping us ignorant, we can't benefit from the wisdom that emerges from group discussion. Some of the culprits of unsafe passwords simply don't know how to make their passwords safer. A bigger effort needs to be made to reach out these types of individuals.
Avoiding common security flaws is a very accessible topic to non-technical audiences. In fact, my wife began reading The Cuckoo's Egg over my shoulder when I reached the halfway point of the book. Within two chapters, she was intrigued by the exploits that the hacker was utilizing, and the concepts were easy enough for her to follow, despite the occasional mention of Unix commands. As another point in case, Cliff was an astronomer. Computer security was the last thing on his mind when it came to career choices. Yet he was also far from ignorant, and did what it took to learn about security and felt that it was important.
One major problem is that it's taboo to learn what strategies other people are employing to choose safe passwords. By keeping us ignorant, we can't benefit from the wisdom that emerges from group discussion. Some of the culprits of unsafe passwords simply don't know how to make their passwords safer. A bigger effort needs to be made to reach out these types of individuals.
Avoiding common security flaws is a very accessible topic to non-technical audiences. In fact, my wife began reading The Cuckoo's Egg over my shoulder when I reached the halfway point of the book. Within two chapters, she was intrigued by the exploits that the hacker was utilizing, and the concepts were easy enough for her to follow, despite the occasional mention of Unix commands. As another point in case, Cliff was an astronomer. Computer security was the last thing on his mind when it came to career choices. Yet he was also far from ignorant, and did what it took to learn about security and felt that it was important.
I think weak password security and personal information vulnerabilities are touchy topics that people tend to avoid. Older citizens of the internet especially have a tendency to think that they understand the world, so they don't need to learn more about the Internet or how it works.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteAlthough i agree weak passwords are an example of a major security vulnerability, by and large hackers exploit code weakness more than weak passwords. Case in point is the recently revealed flaw in the Apple Safari browser not encrypting data sent over secure https connections. Who knows how much information was viewed or stolen, no password needed.
ReplyDelete