Humans are notoriously poor at weighing risk.
We use emotion, rather than reason, to judge what’s truly
dangerous, which is why most Americans are more afraid of handguns in the home
than of swimming pools when it comes to child safety.
And it’s the same with online security. People worry about scary hackers
penetrating firewalls and stealing passwords for websites they use,
but the reality–just like with swimming pools–is usually much more mundane
(and more dangerous).
The Real Threat
Most people–and I dare say even most security professionals–don’t realize
that the greatest vulnerability to online account security doesn’t come from
having multiple passwords spread out over many sites, or even from proposed
identity consolidation systems like
OpenID. It actually comes from the mother of all single points of failure–the email-based password reset mechanism.
Systems like OpenID are potential points of failure, for some subset
of online users, at some point in the future. Email, on the other hand, is a
single point of failure for almost everyone–right now.
Think about it: when you forget your password, how do you reset it for the
majority of the sites you use? Right, email. That means that the way into
virtually all those different websites is through your email account.
In other words, the single most important password you have is the password
to your email account.
The Mother of All Backdoors
Unfortunately, gaping holes exist in our current online password security
systems–including those on email accounts. The hole comes in the form of
question-answer reset systems, whereby you are asked some questions like,
“What’s the name of your favorite pet?”, or “What was the name of your first
High School?” in order to reset your password. These systems constitute a
major weakness in online security for the simple reason that
guessing these answers is often much easier than guessing your actual
password.
So the bottom line is that if someone can backdoor your email account
through a weak reset mechanism, they will then own your single point of
failure for all your other online accounts. This is the swimming pool of
online attacks because it yields way more passwords per year than
super-hackers, but it gets far less attention.
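To make the contrast concrete, here is an added example (written for this edit, not code from the original post) of a toy password-reset backend with both paths side by side: the question-and-answer reset the post calls a backdoor, and a single-use, expiring, attempt-limited token delivered to the account’s email. All account data, the 15-minute token lifetime, the five-attempt limit and the assumed answer space of 32,768 plausible school names are constructed for the example; a real service would also use a slow, salted password hash rather than bare SHA-256.

```python
import hashlib
import hmac
import math
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

TOKEN_TTL_SECONDS = 15 * 60   # assumed policy: reset links expire quickly
MAX_TOKEN_ATTEMPTS = 5        # assumed policy: a few bad tokens invalidate the reset


def _hash(value: str) -> str:
    # Only hashes of secrets (answers, tokens, passwords) are stored, so a
    # database leak does not hand them over. SHA-256 is used here for brevity;
    # a real service would use a slow, salted password hash.
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


@dataclass
class Account:
    username: str
    password_hash: str
    reset_question: str
    reset_answer_hash: str            # normalized (lower-cased, stripped) answer
    token_hash: Optional[str] = None  # state for the token-based path
    token_expires: float = 0.0
    token_attempts: int = 0


class ResetService:
    """Toy reset backend: a guessable question/answer path beside a
    single-use, expiring, attempt-limited token path. Example code only."""

    def __init__(self, clock=time.time):
        self.clock = clock            # injectable for testing expiry
        self.accounts: Dict[str, Account] = {}

    def register(self, username, password, question, answer):
        self.accounts[username] = Account(
            username, _hash(password), question, _hash(answer.strip().lower()))

    # Weak path: the answer is a fact that can be looked up, the comparison is
    # case-insensitive, and nothing limits the number of guesses.
    def reset_by_question(self, username, answer, new_password) -> bool:
        acct = self.accounts[username]
        if hmac.compare_digest(_hash(answer.strip().lower()), acct.reset_answer_hash):
            acct.password_hash = _hash(new_password)
            return True
        return False

    # Hardened path: a random token that would be emailed to the account owner.
    def request_token(self, username) -> str:
        acct = self.accounts[username]
        token = secrets.token_urlsafe(32)       # 256 bits of randomness
        acct.token_hash = _hash(token)          # the token itself is never stored
        acct.token_expires = self.clock() + TOKEN_TTL_SECONDS
        acct.token_attempts = 0
        return token                            # returned here only for the demo

    def reset_by_token(self, username, token, new_password) -> bool:
        acct = self.accounts[username]
        if acct.token_hash is None or self.clock() > acct.token_expires:
            return False                        # no live token for this account
        acct.token_attempts += 1
        if acct.token_attempts > MAX_TOKEN_ATTEMPTS:
            acct.token_hash = None              # too many bad guesses: invalidate
            return False
        if not hmac.compare_digest(_hash(token), acct.token_hash):
            return False
        acct.password_hash = _hash(new_password)
        acct.token_hash = None                  # single use
        return True

    def check_password(self, username, password) -> bool:
        return hmac.compare_digest(_hash(password), self.accounts[username].password_hash)


def guess_space_bits(candidates: int) -> float:
    """Bits of work to exhaust a set of candidate answers."""
    return math.log2(candidates)


def demo() -> dict:
    # Constructed sample account; the school name is made up.
    svc = ResetService()
    svc.register("alice", "correct horse battery", "Name of your first High School?", "Springfield High")
    r = {"answer_bits": guess_space_bits(32_768),   # assumed ~32k plausible school names
         "token_bits": 32 * 8}
    # A lookup-able fact resets the password on the weak path.
    r["question_reset"] = svc.reset_by_question("alice", "springfield high", "attacker-chosen")
    # The token path rejects a wrong token, accepts the real one exactly once.
    tok = svc.request_token("alice")
    r["wrong_token"] = svc.reset_by_token("alice", "not-the-token", "x")
    r["token_reset"] = svc.reset_by_token("alice", tok, "new pass")
    r["token_reuse"] = svc.reset_by_token("alice", tok, "again")
    r["final_password_ok"] = svc.check_password("alice", "new pass")
    return r


if __name__ == "__main__":
    print(demo())
```

The numbers are the point: exhausting a few tens of thousands of school or pet names is about 15 bits of work, against 256 bits for the token, and the token path additionally expires, burns after one use and locks after a handful of failures, none of which the question path does.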
So What Can We Do?
Here are the things you can do immediately to improve your online security
posture:
1. Go, right now, and change your email password. Make it as complex
as possible and don’t use a scheme or pattern that you’ve used in the
past. Make it around 8 characters (you get diminishing returns beyond
that) and make sure to use upper-case, lower-case, numbers, and at least
one special character.
2. Modify your password reset questions and answers for your email
account (if you have them). If you have the option, create your own questions,
and use answers that only you would know. Don’t be like Sarah Palin
(solid advice on a number of levels) and use something that can be
looked up (she got her email hacked by using her High School name). If
you’re forced to use canned questions, be tricky: consider answering
“Friday” for favorite food, or “7129” for your favorite pet’s name.
3. Sign up for an OpenID account. I suggest PIP from VerisignLabs
because they offer a number of two-factor options (I use their soft
token). Make this password a good one, and don’t base it off of any
patterns you’ve used in the past. Pay special attention to your reset
mechanisms (see numbers 1 and 2), and enable the two-factor option if at
all possible. Enable the requirement on your OpenID account (PIP) to
require that you be signed in before the incoming authentication request
is granted.
4. For your sensitive accounts (I’d say this includes social networking
sites in most cases) use your OpenID account wherever you can. And where you do, be sure to change your local, website-based
password (which you’ll be mapping your OpenID to) to something complex.
Consider using a password-generator tool for generating and managing
those passwords–something like 1Password or Password Safe. You hopefully
won’t have to use them much, as you’ll be using your OpenID in most
cases.
These four things should enhance your online security significantly, and
doing just the first two will get you a solid measure of the benefits. In an
upcoming article I’ll be looking at some of the password reset mechanisms
used by major services, and evaluating the strength of each.