Working in the security arena probably means I’m more aware of my online insecurities than most. For example, I’m selective about the forms I complete and the details I divulge, I’m wary about the emails I respond to and the links I click, I always check the little padlock in the address bar and I never use the same password for a different site. But that isn’t enough!
The fact that passwords are not the strongest defence is no secret, but I’ve always prided myself on creating unique 16-character strings, never using a dictionary word, mixing both upper and lower case letters with numbers and symbols if the site allows (which, surprisingly, not all do). However, the revelation that oclHashcat-plus can crack a 55-character password has once again reminded me that more organisations need to take my security as seriously as I do.
The number of security incidents where organisations have suffered a breach, and a password database has ‘possibly’ been compromised, is fast becoming a ‘non-event’. Hardly a day goes past without one or another company saying sorry and suggesting you change your password as a precaution. Well, I don’t think that’s enough.
I want a virtual world where security isn’t just given lip service but is actually taken seriously. So, Mr CEO, if you want me to interact with you virtually and secure my online trades, then step up to the mark!