Friday, May 6, 2011

Security Breach - Redux

I don't think that it's a coincidence that a lot of my later articles have dealt with how security is implemented and the issue of security breaches.

I read an article today that I thought was very relevant to one of my points in the blog entry Multiple Locks -- One Key.

Within it, I mentioned that one of the ways to avoid using the same password on all sites, without having to remember them all, is to use a password manager. Further, I go on to say that the only problem with this approach is that if you use an online password manager and its security is breached, then all of your passwords are potentially vulnerable to theft, which more or less defeats the purpose of having unique passwords. The way around this is to have a standard prefix or suffix on all of your passwords, and not write that -fix anywhere. My example would be if you added -@nan12w to all of your passwords. That way, if the password manager was compromised, the full passwords wouldn't be.

Well, it turns out that I wasn't far off the boat on this one. The password manager site LastPass sent out a notice to their clients that "they're not sure, but they think that their system was breached" and that users should keep this in mind and remain ever diligent. This in itself brings up another interesting problem - as these attacks become more sophisticated, we may have instances where these companies are not even aware that their security has been breached.

This issue of security and protection is not going to go away.  Like it or not, we all have to remain sophisticated and intelligent and always try to make sure that our information is protected to the best of our abilities.  Quite obviously, these companies aren't doing a good enough job.
