Menu
Categories

Russian Billion-Password Hack: Just Another Teachable Moment?

Published August 7, 2014 | By Dan Blum
Some greeted the New York Times Russian Hackers Amass Over a Billion Internet Passwords with elation (“Wow – this will help sell our product!“) but seasoned security experts picked the reports apart with cynical ease:

  • My FUDs better than your FUD!” tweeted Pete Lindstrom of Spire Security
  • “This story is getting squirrelier and squirrelier…single-handedly trying to create a panic, and then profiting off that panic” wrote Bruce in Scheneir on Security
  • Oh those nasty hackers” tweeted Mikko Hyponnen (you can almost hear him laughing as he pasted in the figure below)
Embedded image permalink
 
Accusations of opportunism and of spreading fear, uncertainty and doubt (FUD) aside, the main takeaway for me is another opportunity to educate folks on the need for better password and authentication hygiene. Previously on Security Architect, I’ve advocated taking some low hanging fruit two factor authentication opportunities and out of the box thinking on passwords
 
In regard to improving your password hygiene, for me the happiest result of yesterday’s story was uncovering a treasure of an article by Bruce Schneier on Choosing Secure Passwords.
 
 
Posted in Dan Blum | Tagged , ,
Subscribe to Blog Notifications...  HERE
Recent Posts
Search
Categories
Archives
Tags
Active Directory anti-malware APT audit authentication authorization blockchain breach CISO cloud computing cloud security compliance cryptography cyber-insurance cybercrime cybersecurity DLP encryption endpoint security FAIR federated identity governance IAM identity management incident response IoT malware mobile security NIST CSF OAuth PAM personal protection privacy privacy by design privileged access management privileged account management privileged identity management rational cybersecurity risk management RSAC security architecture security governance sharing social login vulnerability management