back to article Protecting users from themselves

‘“The problem with making things foolproof is that we keep evolving a better class of fool”, as the old saying goes. And nowhere is this more true than in security where breaches remain regular and commonplace despite all the investment that has gone into it. Getting to grips with the security challenge is vital, because the …

COMMENTS

This topic is closed for new posts.
Silver badge

Why security is not working - and the rest

Incompatible security standards - A former employer insisted that Single Sign On passwords were exactly 8 characters in length because that was the maximum one system could cope with and the minimum for another.

Username/Password proliferation - Every organisation with a web presence feels the need to do its own user authentication, with no standardisation. Some use your email address as a username, some let you pick your own, some assign one to you, tough luck johnsmith6355478! I know there are password vaults available but that's putting all your eggs in one basket and addressing a symptom, not the disease. Most online retailers accept Visa/Mastercard/Amex, could these organisations or others provide an identity authentication service using a single username, secret pin and keyfob passkey generator like the one I use for my work VPN?

0
1
Grenade

Security not in education

Students leave education with no training in security. In fact, exactly the opposite. In order to ensure the student's primary focus is targeted on learning the material [for which the student has paid], secondary detractors -- eg security--- are routinely and aggressively removed from educational systems. Since education cannot possibly provide training in the security required for each and every type of business type, security training must be provided by the employer. For smaller businesses, this is a financial burden which is usually avoided.

Basic security needs to be addressed in education and training.

0
0
This topic is closed for new posts.

Forums