Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Security Lessons From My Doctor
Threaded  |  Newest First  |  Oldest First
AgileEva
50%
50%
AgileEva,
User Rank: Apprentice
2/25/2016 | 12:23:36 PM
Thank you for educating your readers about the importance of online security
Hi Adam,

I'm Eva and I work for AgileBits, the makers of 1Password.

I wanted to thank you for taking the time to educate your readers on the importance of password managers and online security, and for including 1Password in your discussion!

In this day and age, it is so important that we all use strong and unique passwords for every site that we visit, and password managers can help make it much more convenient to be secure.

Keep sharing the secure word!

Eva Schweber
Good Witch of the Pacific Northwest @ AgileBits
support.1password.com

 
adamshostack
50%
50%
adamshostack,
User Rank: Apprentice
2/25/2016 | 8:32:10 PM
Re: Thank you for educating your readers about the importance of online security
AgileEva: You're welcome!  And while I do like your product, the goal of my post was to talk about why people resist change, and what we can do about it.   (Also, let me be clear: I pay the same price as anyone else.)
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
2/27/2016 | 6:50:59 PM
Re: Thank you for educating your readers about the importance of online security
Agree. The change is difficult. Starting using a password manager would be a change too. Ultimate goal should be getting rid of whole username/password.
Dr.T
0%
100%
Dr.T,
User Rank: Ninja
2/27/2016 | 6:48:42 PM
Re: Thank you for educating your readers about the importance of online security
1Password is good, some others are good too. But I suggest nobody should be using any password manager. If one could not manage a password they could not manage a password manager, they would put themselves in more risks.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
2/27/2016 | 5:36:04 PM
PW mgrs.
I great piece of advice I got recently regarding password managers: Don't put your actual passwords in them; instead, put your hints in them.
adamshostack
50%
50%
adamshostack,
User Rank: Apprentice
2/27/2016 | 5:39:32 PM
Re: PW mgrs.
Joe--that's an interesting approach.  Would you suggest it to someone who's busy or forgetful?

 

For many folks I've talked to, security is a side effect: the real win is it's easier to use.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
2/27/2016 | 6:54:48 PM
Re: PW mgrs.
Good question. I would suggest to anybody, if they could not manage putting a hint into a password manager they should not be online. Also agree, security is less of problem for many, they are concern on privacy.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
2/29/2016 | 7:00:30 PM
Re: PW mgrs.
Well, it's all risk management, let's not forget.  Security and accessibility are at constant odds at each other.  Sacrifice the one for the enhancement of the other.  The real issue is balancing both so that people are educated in terms of engaging in "best practices" -- or, at least, if they're going to ignore those best practices, that they do so knowing the consequences and the risks.

And a related best practice: Minimizing the data you 1) collect and 2) put out onto others' systems about yourself.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
2/28/2016 | 10:46:33 PM
Re: PW mgrs.
While we can all agree that putting your password on a sticky note on your monitor or in your top desk drawer is a terrible idea, many security experts have over the past few years reversed conventional wisdom and suggested that people DO write down their passwords -- on the condition that the password is lengthy, has a lot of entropy, and is otherwise nothing on the order of what a human would naturally select for him- or herself (i.e., the password is pseudorandom if not truly random) -- and then put the piece of paper somewhere truly secure, like your wallet.

Of course, even better -- should the piece of paper get compromised somehow anyway -- is to write down a hint that is meaningful to you but not meaningful to anyone else.

Doing this in a password manager is simply another approach to this thinking.
Dr.T
0%
100%
Dr.T,
User Rank: Ninja
2/27/2016 | 6:52:26 PM
Re: PW mgrs.
Agree. This is a good idea. Do not write your whole password anywhere. Or you can keep all those hints in your brain. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
2/27/2016 | 6:45:27 PM
Change is difficult
Agree with the article. We could not stop smoking or start eating more vegetables or going to 30 minutes' walk every day or having a complex password since all these things are changes in our life styles. And change is difficult.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
2/28/2016 | 10:48:57 PM
Re: Change is difficult
Baby steps.  Start walking for 15 minutes every other day.  Build it into your habit over a few weeks.  Then increase the lengths of the walks or frequency.  Take steps to make vegetables more accessible.  Try vaping instead of smoking (it's how two family members and several friends of mine have quit!).  Is BIG change difficult?  Sure -- if you try to do it all at once.

But as the adage goes: How do you eat an elephant? One bite at a time.

So too with security habits in user behavior.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-23807
PUBLISHED: 2022-01-22
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
CVE-2022-23808
PUBLISHED: 2022-01-22
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
CVE-2022-21707
PUBLISHED: 2022-01-21
wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, bu...
CVE-2022-21708
PUBLISHED: 2022-01-21
graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL han...
CVE-2022-23363
PUBLISHED: 2022-01-21
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php.