Amadeus Consulting Discusses Protecting the Weakest Link: Data and Internet Security
Computers & Technology → Technology
- Author Steve Loper
- Published February 14, 2011
- Word count 854
Protecting the Weakest Link: Data and Internet Security
There has been a lot of talk about Internet security recently, especially with Wikileaks releases and the hacking of prominent websites, including Gawker Media, McDonalds, and many others. In fact so far this year, there have been hundreds of reported security breaches and millions of records stolen. This includes banks, medical centers, doctor’s offices, government offices, and corporations.
From a data management application development standpoint, there is a lot that could be written about defending and protecting systems from attacks, including protecting from SQL injection attacks, data storage security methods, and many, many others. However, I also think that there are more fundamental security and privacy issues that may need to be resolved first.
Security and Privacy
The essence of computer security is really a philosophical debate: how much privacy and anonymity do we want to trade for security?
The fact is that protecting our own security is fairly easy, if we are willing to take the necessary steps, but we would lose a lot of online privacy and anonymity in the process. The technology exists to provide users with a single secure log-in that can be used over a broad range of websites, which could be attached to physical verification devices, such as biometric scans, key-generators, or other methods which would make stealing these ID’s extremely difficult.
This would be like an enhanced version of Facebook Connect, which allows you to log in to hundreds of websites using a single login. Of course, Facebook isn’t the only one with such a service, as Microsoft®, AOL, Twitter™, Yahoo®, Google™, Apple® and many others have all at one time launched some kind of "web-ID" system that would give users a single ID that they could use across the Internet.
The problem is that in doing so you give a massive amount of information to whatever service you use to log in to those services. So, for example, Facebook Connect tells Facebook about every site you visit and much of your online viewing habits.
In using these services, you gain some security and convenience, but you lose anonymity and privacy. Of course, it is your choice, and you are able to decide one or the other, but the challenge is that often we want to have both.
The Weakest Link
The weakest link in most security systems is the user. For example, a 2009 security breach of the popular online site RockYou revealed over 32 million usernames and passwords. Of those, over 20% of users shared the same 5000 passwords. These passwords were neither creative nor secure, and included things like "12345", "123456", "password" and "abc123."
The fact is that we tend to use very common and not-creative passwords. With the list of the 5000 most popular passwords, hackers could essentially crack 20% of accounts in a matter of minutes, or hours at most. In fact, the Conficker worm uses a list of 200 common passwords to break into corporate networks, and is nastily persistent in its ability to spread.
Even tech savvy users tend to fall into these mistakes, as shown by the Gawker Media hack which also exposed millions of passwords. As reported by the Wall Street Journal, the most popular passwords were still "123456," "password," "qwerty," and other equally popular terms.
Expanding further, according to a security study by Sophos, 33% of people use the same password for every website they visit, and 48% said they only use a handful of different codes.
So what is the weakest link? The weakest link is you and your email account, which tends to be tied to every other account online. Using weak passwords on forums or news sites may not be especially damaging, however if using the same, similar, or equally weak passwords for you email accounts can expose you to much more damage.
If a person gains access to an email account that was linked to your bank account, social media accounts, retirement accounts, business logins, or any other important and private account, they could take control of those accounts as well simply by resetting the password on those accounts, and changing the email address associated with those accounts, and you’d never know your accounts were compromised until you tried to log in, which gives them a couple days or more to do damage.
Solutions
The biggest change to online security will come through a societal shift in how we view online security. In general, people are deciding that security (ensuring people are who they say they are, and that they have the proper login credentials) is slightly more important than maintaining full anonymity or privacy.
Of course there are still plenty of privacy issues and nuances, which will need to be resolved as well. But even though key-fobs and biometrics work well for single-site logins, but multiplying that by the dozens or hundreds of websites you visit creates many other problems.
Single web-ID logins (like those offered by Facebook, VeriSign™, Google, Microsoft, or others) with the addition of key-fobs or biometrics may become the best choice for security, even if it means we lose a bit of anonymity and privacy in the process.
Steve Loper is the Quality Engineer at Amadeus Consulting and been recognized by Microsoft as a "Most Valuable Professional." Steve is regarded as one of the top .NET application and SQL Server database architects in the country, and currently oversees client projects to ensure that a strong technical approach is put in place to address even the most complex issues.
Article source: https://articlebiz.comRate article
Article comments
There are no posted comments.
Related articles
- 10 Ways to Transform Production Scheduling in Business Central
- Master the Art of Gamification with Our Engaging App
- 10 Reasons Business Central Users Leverage Advanced Inventory Count
- The Ultimate Guide to 3D Animation: From Basics to Advanced Techniques
- Mitsubishi Electric proves heat pump compatibility with microbore pipework
- The Role of AI Services in Customer Experience and Satisfaction
- Google DeepMind Launches Gemma 2: A New AI Model Revolutionizing Research and Development
- How Do AI Solutions Drive Productivity And ROI In Business?
- Is Verizon Total the same as Verizon Prepaid?
- What is the best prepaid phone company?
- Why Small to Large Companies Continue to Use Dated/Dinosaur Technology
- 10 Ways Business Central’s Quality Inspector App Streamlines Quality Assurance
- 10 Ways Business Central’s Quality Inspector App Streamlines Quality Assurance
- The Rise of Sustainable Technology: Shaping a Greener Future
- Why Bullseye Engagement Offers the Best OKR Software for Businesses
- Web Development Companies in Canada
- How EasyPDF™ Forms Save Time & Money at Home and in the Workplace
- The One and Only 15-Second Digital Lien Waiver to Complete and Submit in Record Time Using the Free Adobe Reader
- The Impact of Employer Branding on Leadership Recruitment
- Augmented Reality (AR) in Business: Why Your Company Needs It
- Top 10 Reasons to Use Business Central’s License Plating App
- The Hidden Advantages of European Offshore Development Companies
- App Development: Transforming Ideas into Reality
- Automate you Chauffeur Service with A to Z Dispatch
- The Impact of Machine Learning and AI on Business: What the Future Holds In the modern busine
- Generate Flashcards Fast with AI: The Ultimate Solution for Developers
- Blockchain Interview Guide: Essential Questions and Answers for Success
- Eight Free Business Central Apps That You’ll Wish You Had
- How Artificial Intelligence (AI) and Machine Learning (ML) Are Transforming Computer-Based Trading Platforms
- The Role of Gas Engineers in Modern Energy Systems: Linking to Sustainability and Innovation