How to improve the weak link in our security chain.


In the last couple of weeks, multiple blog posts have reviewed the dangers that come from hackers. For example, Jurgen Langbroek wrote about ‘Hackers steal your data during your morning commute’, and 374642bd uploaded an article about bank-robbing hackers called ‘Hacking a bank: Low risks, high returns’.

Hackers attack different groups in society, and they go after both generally high-value information (the bank robbing with high returns) and low-value information (the ‘sniffing software’ used to check our online traffic while we are connected to a local router). IT companies should address the security of both the high-value and the low-value objectives. One may argue that it is also the responsibility of end users to be critical of their own security measures (such as their firewall settings, the strength of their passwords and how frequently they change them), but passwords are described as the weak link in our computer security chain (Stockley, 2015).

This problem is becoming more important as we start to use different mobile devices for our online activities. Leavitt wrote about it in 2005, naming mobile phones as the next frontier (Leavitt, 2005), and having read the blog about hackers on our daily commute, we can conclude that he was right. In my opinion, IT companies need to focus on creating solid and secure solutions to keep pace with the hackers’ abilities.

For example, Yahoo is trying a new feature with the launch of their new email application. They try to avoid weak user passwords and use their platform of different applications to enable a new way of logging on. They introduce Yahoo Account Key: signing in changes from typing in an email address and password to receiving a notification on the user’s phone that grants access on the computer (Becerra, 2015). But to be honest, and in line with the critique given by Becerra in the article, I’m not sure if this makes the system any more reliable and secure than it was before. For instance, if someone also has your phone or the battery has died, you would probably wish you still had your password. IT needs to come up with better solutions than this one to make me feel comfortable and safe logging on.

3 responses to “How to improve the weak link in our security chain.”

  1. 373666db says :

    Interesting that you say “but passwords are described as the weak link in our computer security chain” and “IT needs to come up with better solutions than this one to make me feel comfortable and safe logging on.”

    In my opinion, for passwords it’s not IT that needs to improve.

    Most passwords are the weak link because people prefer to have one easy password, which they use for every different place they need to log in. Many people simply use ‘password’ as a password. Or the name of their pet, child, favorite item, etc. And they hardly ever change their passwords either. When was the last time you changed all your passwords?

    If everyone stops using simple-to-hack passwords, and instead uses something like !!!~~~AlhFsH$$$5 as a password, it will be a lot more difficult to hack. Especially if you have a different password for every login and change it every six weeks or so.

    People are the weak link in computer security, but if they are smart they can be the best defense instead.

    • jackcornelisse says :

      Thank you for replying! You are right in stating that the human error in this story is the weak link. We should use passwords as difficult as we can come up with. But that is causing the weak link problem of the passwords (I should have phrased it as ‘a’ weak link instead of ‘the’ weak link): as IT systems of companies all tend to create platforms and include account functions on their websites and apps, people need to come up with different passwords every week. Your solution of changing passwords every 6 weeks would almost become a daily task. This statement is exaggerated, but keeping the security level of passwords high, using different passwords every 6 weeks and still being able to maintain every account that we currently use seems almost impossible.

      That’s why I pointed out that IT companies should try to replace the password function with a more stable and reliable defence mechanism. “The chain is as strong as the weakest link”, so let’s try to replace the weakest links (passwords and the human error) by taking away part of the responsibility of the end users and relying on, hopefully, better systems.

      But for now, I agree with you on the best defence. We should focus on using the most difficult passwords we can come up with, or generate! I found a video (used in the article of Stockley (2015)) that explains the power of passwords and the possibility to generate them.

  2. joonchik says :

    I agree with your article, but I think that part of this problem is already being addressed by many websites through two-factor authentication. Even a weak password can be made strong by using a second factor for authentication. Wall Street Journal journalist Christopher Mims even felt so secure that he publicly revealed his password online to make a point (WSJ, 2014). The new Yahoo Account Key function can even be called a more user-friendly version of two-factor authentication, because it completely removes the need to remember a password, while keeping two factors (the phone and the PIN code to unlock the phone). Solutions like these can really remove the ‘weak link’ in the security chain.

    JH Aben 171724

    References:
    The Password Is Finally Dying. Here’s Mine
    http://www.wsj.com/articles/the-password-is-finally-dying-heres-mine-1405298376
