One of the biggest threats to your own computer security is you. Do you pick easy-to-remember (and easy-to-guess) passwords? Do you use the same password for multiple websites? Do you leave your computer unlocked in a public computer lab or at work when you get up for a break? Do you send passwords or other confidential information by email? Do you keep a list of passwords on the wall of your cubicle? Do you continually delay updating the operating system and software on your computer? If so, you pose the greatest risk to your own security. It is not very likely that a person will be able to break into your computer if you do not leave these doors open.
A more serious example is found in The Cuckoo's Egg, the true story of Clifford Stoll tracking down a computer hacker in the 1980s. Through much of the story, Cliff watches a diligent hacker repeatedly attempt to break into computers on military bases using several default passwords such as "guest", "visitor", "root", and "manager". Some of the bases had changed these passwords and the hacker was unable to break in. Sometimes, though, these passwords had not been changed and the hacker was able to walk right in and steal sensitive information.
I think this is a very important concept. However, I think that too often security imposes certain unwanted restrictions and inconveniences upon users that lead to these situations in the first place. How can we design user-friendly systems that are still secure? I hate remembering passwords for different sites and I'm a 23-year-old full of energy. How is a 70-year-old supposed to use different passwords for different sites if he can't remember where he lives?
People who want to break into computers pose the real threat, but individuals have a responsibility to protect their property as you say. If a burglar enters a home but the family that lives there never notices, of course the burglar won't be prosecuted in that case. It's unfortunate that we have to be so guarded against exploitation, but it is a fact of life.
They should just come up with a different mechanism than passwords.
Remembering tons of passwords is the worst. I love single sign on.