Tag Archive: Information Security

Time for a new approach to password security?

The password. It’s been used for thousands of years and today represents the key security token in modern computer systems. Despite its ubiquity, the password is not well loved. Attitudes towards passwords vary from apathy to downright contempt. Very few people would ever stand up and argue that the password is a good method of securing a system. IBM predicted back in 2011 that the password would be dead within five years. However, while the giants of the technology industry are rushing to consign passwords to the dustbin of history, nobody seems to be asking whether the problem is with passwords…

Physical Security: How to cause mayhem!

I have a number of rules I use in a professional and sometimes personal capacity. This is number 1: Always assume the worst about everything. You’ll rarely be disappointed. When you apply it in a security context, it means given a choice, users will always choose the stupid option. Take passwords: if you don’t mandate a certain password quality, then they’ll choose crap passwords (No, Pa55w0rd does not count as a good one!). If you make the password rules too difficult, well… With a little patience and technical expertise though, it is possible to secure your systems effectively. Password policies,…

TalkTalk: Words fail me

On Friday, as the whole TalkTalk hacking was blowing up in a big way, I sat down to write an article about the fiasco, if fiasco is a strong enough word to describe the mess TalkTalk find themselves in. The problem is that every time I managed to write a bit the story had once again changed. As with many things however, the more you sit and watch it, the more you recognise patterns. Two such patterns that have come out of this debacle are: Here’s another company that has failed to invest in Information Security; The CEO – Dido…