* Posts by gareth-coffey

2 posts • joined 9 May 2016

Leaked: The UK's secret blueprint with telcos for mass spying on internet, phones – and backdoors


Re: Heh

So by that statement, the encrypted backdoors the Gov plan to deploy should also use encryption that is breakable.

I wonder how many of these backdoors will be exploited on day zero, and who will be responsible for the cleanup ... shift the blame to telcos? Probably

Stop resetting your passwords, says UK govt's spy network


If you have crappy user management, and want to avoid having your accounts pwned, you might consider a 14 day password expiry. However, you may consider that 'Holiday1', 'Keyboard99' will probably be cracked faster than you can CTRL + ALT + DEL.

User security should be constantly monitored and evolved, if users are having difficulty remembering passwords or meeting stringent password requirements perhaps you need to review your current policy. What can you do to appease your users but without compromising on security?

Get creative and don't take GCHQ's advice of simply extending the period in which a users password can be cracked.

Biting the hand that feeds IT © 1998–2019