Spam and security

With a series of high-profile security breaches in recent weeks (Twitter, Evernote, LinkedIn and others), the obvious concern is that the attacker has access to your account. In some cases it’s more than that.

The real cause for concern is, after the stable door is bolted and the passwords are changed, what do the attackers still have access to – and what (in many cases) have they uploaded to the internet for others to share?

They have your user details – name, email address, gender, age, State and City. Maybe even your three favorite security questions.

So, the best outcome you can hope for is more spam, because now your email address – a confirmed, validated, active email address, because it’s the one you choose to use with a service you trusted to keep it secret – is out there in plain text.

Worst case, they have a username and password you use on multiple sites, or enough details to try and attack other accounts, depending on how much has leaked. As we’ve seen recently, social engineering “hacks” have helped attackers gain control of accounts with some fairly minimal information.

I try and be good – I have different passwords for most sites (either based on an algorithm that makes sense to me but not much to a robotic sniffer, or auto-generated using LastPass) and I routinely lie about my personal details (yes, I am an 84 year old woman living in Des Moines … probably explains some of the more unusual adverts I get on Facebook!) and I make use of the + ability in Gmail to give me a clue where my email leaked from (sure, it’s easy enough to strip those off, but in many cases why bother) …

Long after the uproar of the original breach has passed and everyone has reset passwords and done all the right things there’s that residual nagging feeling that the damage has been done.

Password schemes today suck. Two factor authentication is certainly a step in the right direction (as long as we can have a scheme that’s user centric, not one per site… I don’t want to carry a small bag of tokens everywhere I go!) but the real challenge is getting sites to stop requiring information they don’t need… there has to be a better answer there… 


2 Responses to “Spam and security”

  1. Lazy developers make for bad user experiences | Ramblings of an OffBeatMammal Says:

    […] Born confused and naked, not much has changed in the years that followed « Spam and security […]

  2. House construction Says: – eko (ecological), house construction and renovation.

    Effective ecological building solutions

    Current development presupposes reduction, the construction of houses using environmentally clean materials. Building materials that are relatively harmless to people and the natural environment, made using new production technologies. An affordable price for every buyer and mass production of environmentally sound materials make it possible to build a new, efficient, energy-saving house or to remodel an outdated one. Energy-saving mechanisms are so simple that any willing builder can implement them and, at the same time, save money in the future on heating in the winter season. Ecological building solutions are the road to a new era.
