Amadeus Consulting Discusses Protecting the Weakest Link: Data and Internet Security
- Author Steve Loper
- Published February 14, 2011
Protecting the Weakest Link: Data and Internet Security
There has been a lot of talk about Internet security recently, especially with Wikileaks releases and the hacking of prominent websites, including Gawker Media, McDonald's, and many others. In fact, so far this year, there have been hundreds of reported security breaches and millions of records stolen. This includes banks, medical centers, doctor’s offices, government offices, and corporations.
From a data management application development standpoint, there is a lot that could be written about defending and protecting systems from attacks, including protecting from SQL injection attacks, data storage security methods, and many, many others. However, I also think that there are more fundamental security and privacy issues that may need to be resolved first.
Security and Privacy
The essence of computer security is really a philosophical debate: how much privacy and anonymity do we want to trade for security?
The fact is that protecting our own security is fairly easy, if we are willing to take the necessary steps, but we would lose a lot of online privacy and anonymity in the process. The technology exists to provide users with a single secure log-in that can be used over a broad range of websites, which could be attached to physical verification devices, such as biometric scans, key-generators, or other methods which would make stealing these IDs extremely difficult.
This would be like an enhanced version of Facebook Connect, which allows you to log in to hundreds of websites using a single login. Of course, Facebook isn’t the only one with such a service, as Microsoft®, AOL, Twitter™, Yahoo®, Google™, Apple® and many others have all at one time launched some kind of "web-ID" system that would give users a single ID that they could use across the Internet.
The problem is that in doing so you give a massive amount of information to whatever service you use to log in to those services. So, for example, Facebook Connect tells Facebook about every site you visit and much of your online viewing habits.
In using these services, you gain some security and convenience, but you lose anonymity and privacy. Of course, it is your choice, and you are able to decide one or the other, but the challenge is that often we want to have both.
The Weakest Link
The weakest link in most security systems is the user. For example, a 2009 security breach of the popular online site RockYou revealed over 32 million usernames and passwords. Of those, over 20% of users shared the same 5000 passwords. These passwords were neither creative nor secure, and included things like "12345", "123456", "password" and "abc123."
The fact is that we tend to use very common and uncreative passwords. With the list of the 5000 most popular passwords, hackers could essentially crack 20% of accounts in a matter of minutes, or hours at most. In fact, the Conficker worm uses a list of 200 common passwords to break into corporate networks, and is nastily persistent in its ability to spread.
Even tech savvy users tend to fall into these mistakes, as shown by the Gawker Media hack which also exposed millions of passwords. As reported by the Wall Street Journal, the most popular passwords were still "123456," "password," "qwerty," and other equally popular terms.
Expanding further, according to a security study by Sophos, 33% of people use the same password for every website they visit, and 48% said they only use a handful of different codes.
So what is the weakest link? The weakest link is you and your email account, which tends to be tied to every other account online. Using weak passwords on forums or news sites may not be especially damaging; however, using the same, similar, or equally weak passwords for your email accounts can expose you to much more damage.
If a person gains access to an email account that is linked to your bank account, social media accounts, retirement accounts, business logins, or any other important and private account, they could take control of those accounts as well, simply by resetting the passwords on those accounts and changing the email address associated with them. You would not know your accounts were compromised until you tried to log in, which gives them a couple of days or more to do damage.
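An added example, not part of the original article: one way a service could detect the takeover sequence described above, a password reset followed shortly by a change of the account's email address. The event schema, field names, one-hour window and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit events (hypothetical schema): time, account, action, source IP.
EVENTS = [
    ("2011-02-01T09:00:00", "alice", "login", "198.51.100.7"),
    ("2011-02-03T02:10:00", "alice", "password_reset", "203.0.113.50"),
    ("2011-02-03T02:14:00", "alice", "email_change", "203.0.113.50"),
    ("2011-02-02T10:00:00", "bob", "login", "198.51.100.9"),
    ("2011-02-04T10:05:00", "bob", "password_reset", "198.51.100.9"),
    ("2011-02-20T08:00:00", "bob", "email_change", "198.51.100.9"),
    ("2011-02-05T11:00:00", "carol", "login", "192.0.2.44"),
    ("2011-02-06T23:30:00", "carol", "password_reset", "192.0.2.44"),
    ("2011-02-06T23:41:00", "carol", "email_change", "192.0.2.44"),
]

def find_takeover_patterns(events, window=timedelta(hours=1)):
    """Flag email changes that follow a password reset within `window`.

    Severity is "high" when the reset came from an IP address never seen
    on an earlier login for that account, "medium" otherwise.
    """
    alerts = []
    known_ips = {}    # account -> IPs seen on earlier logins
    last_reset = {}   # account -> (time, ip) of the most recent reset
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for ts, account, action, ip in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "login":
            known_ips.setdefault(account, set()).add(ip)
        elif action == "password_reset":
            last_reset[account] = (when, ip)
        elif action == "email_change" and account in last_reset:
            reset_time, reset_ip = last_reset[account]
            if when - reset_time <= window:
                unfamiliar = reset_ip not in known_ips.get(account, set())
                alerts.append({
                    "account": account,
                    "severity": "high" if unfamiliar else "medium",
                    "minutes_after_reset": (when - reset_time).seconds // 60,
                    # Mitigation: tell the owner through the old address
                    # before the new one takes effect.
                    "response": "hold change, notify previous email address",
                })
    return alerts

if __name__ == "__main__":
    for alert in find_takeover_patterns(EVENTS):
        print(alert)
```

Notifying the previous address and delaying the change addresses the gap the article points out, where the owner only learns of the compromise at the next login attempt.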
Solutions
The biggest change to online security will come through a societal shift in how we view online security. In general, people are deciding that security (ensuring people are who they say they are, and that they have the proper login credentials) is slightly more important than maintaining full anonymity or privacy.
Of course, there are still plenty of privacy issues and nuances, which will need to be resolved as well. Even though key-fobs and biometrics work well for single-site logins, multiplying that by the dozens or hundreds of websites you visit creates many other problems.
Single web-ID logins (like those offered by Facebook, VeriSign™, Google, Microsoft, or others) with the addition of key-fobs or biometrics may become the best choice for security, even if it means we lose a bit of anonymity and privacy in the process.
Steve Loper is the Quality Engineer at Amadeus Consulting and has been recognized by Microsoft as a "Most Valuable Professional." Steve is regarded as one of the top .NET application and SQL Server database architects in the country, and currently oversees client projects to ensure that a strong technical approach is put in place to address even the most complex issues.
Article source: https://articlebiz.com