Archives For password

How would your clients respond?

(Watch the Video – it’s worth the two minutes) How would your clients respond to an interview like this one? I don’t mean the people in IT – the exposure is with those who don’t really understand computers but use them all day long, creating and using digital assets. Is this interview for real?  I think it is…I’m tempted to go out and try this.


The point is, no matter how secure the perimeter is, people still talk. It reminds me of the men working on Wall Street who gave their passwords out to the 21-year-old Facebook woman last year (the Wall Street Journal reported on this). I talk about this in my new House & The Cloud book (Second Edition), and what you can be doing to help your clients change this.

One thing is for sure, passwords don’t really work. They’re like your front door at home. They keep out bugs, heat in the summer, cold in the winter, and curious children living next door. But that’s about it. Is anyone seeing more sales in strong authentication technologies? Please comment.

One opportunity is to get into the security policy business – if you’re not helping your customers develop strong policies and enforcement, you should be. Compliance requires it, and those who don’t seem to fall under any compliance regulations still need it. Password policies should specify lengths of at least 8 characters, with numbers and letters, and a special character. But they still won’t really work. At some point we should be moving to something more secure. Some sort of dual authentication. I love my thumbprint iPhone 6 button! Of course, you don’t need a thumb because you can always guess the 4-digit login – or accidentally erase the entire phone by guessing wrong 10 times in a row. Somehow that’s not great either.

© 2015, David Stelzl


Here’s a scam that attracts users to a torrent web site – a site used to distribute large files (generally used in music and video sharing). The idea is to attract users and grow the population for what appears to be a well-constructed and useful tool. Once enrolled, users are infected by malware, allowing the hackers who actually run the site to gain access to end-user computers.

In this case Twitter was used to attract these people. Once they became members, their passwords were compromised. The hackers are playing on the belief that most people use the same name and password on many accounts, so if they can steal the credentials used to set up a torrent account, they may then be able to use these credentials to break into other accounts, including social networking sites or even online banking accounts.

This provides a great case for strong authentication technology and access control policies that are managed and enforced through technology solutions you provide!  Check out the actual article and explain this to your clients.  Education is the key to business development in this economy:

http://www.scmagazineus.com/twitter-accounts-compromised-in-torrent-site-scam/article/163080/?DCMP=EMC-SCUS_Newswire