My password is password
Kidding! But it got you to read my blog 🙂
In class, Steven Herrod of General Catalyst Partners discussed new challenges with cybersecurity: what it used to be, what happens when it doesn’t work, and what’s next. One notable topic I learned was about bitcoin hacks. Hackers breach a person’s computer and lock access to files until the person pays the hacker in bitcoin. Leave it to hackers to figure out a way to use advanced technology to protect their identity while still financially benefiting.
After class, I caught up with a friend who is on a security team of a successful software startup. Their company was recently purchased by a firm that just built the tallest skyscraper in San Francisco, so now their email address has a different domain, and their company has several more layers of security.
When I asked them, “Why is cyber security so hard?”, they told me they were blown away by the lack of password standards. A number of password management companies have sprung up, like Dashlane, to help manage passwords, but if a hacker guesses the master password to the password management software, then… whoops!
Rather than use password management, they recommended, pick one password that can be used universally. Something that’s 8-16 characters, contains a few numbers, and a special character or two. When it comes time to change a password, incrementally update the number.
Okay. Cool pro tip. But how did we get here, and what’s next for cybersecurity?
In the past, individuals were responsible for locally installing antivirus software on their computers. That put responsibility on the individual, and if the person didn’t update their software, security gaps grew on their local machine. In large firms, this led to massive vulnerability windows. Sandra Bullock in The Net would blast through those holes in a second.
Looking forward, in class, Steve shared two companies that are defining what’s next in cybersecurity: Menlo Security, and OGSystems. Both introduce new security models that prevent and isolate advanced cyber attacks, including malware. As Steve mentioned, while large firms are spending resources on security by training their employees not to answer phishing emails, Menlo Security is a few steps ahead. Menlo’s technology prevents hacker code from deploying on local machines. According to Menlo Security’s site, their technology removes threats in the cloud, resulting in users being able to browse the web and check email while being protected locally.
Looking forward, as more machines are deployed to the cloud, Menlo’s approach seems solid. I’m curious to see what comes next.
References:
https://www.generalcatalyst.com/portfolio/menlo-security
https://www.menlosecurity.com/
4 comments on “My password is password”
That’s interesting advice on setting a universal password as opposed to using a password manager. However, I’m not sure how much more secure that is given that if a hacker finds that password out, then wouldn’t the hacker have access to all other accounts? I would say having a universal pattern of passwords is another feasible and nice trick to having strong passwords that are also different and difficult to guess from account to account.
I am also curious with you to see what comes next in the realm of security as new technology produces new security holes that need to be protected in clever ways!
I’m really surprised by the advice your friend gave you re password security. That approach would make it much easier for crackers to recover your password. All it would take is one breach of some random user forum (that happens all the time) and they have your “base” password, and then tools like John the Ripper can easily iterate over alternatives. And, that approach is tough for users – they have to remember which version is in use at which sites.
I’d recommend using a password manager like 1Password. You only have to remember one strong master password (I’d recommend a pass phrase). Then generate a unique password for all sites you visit and use the browser plugin to auto-fill for you. If that random user forum is breached, you only lose that one account.
https://support.1password.com/strong-master-password/
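The pattern discussed above (one base password with a number that is bumped at each change) can be rejected at password-change time. The following is an added example, not part of the original post or its comments: `skeleton`, `rotation_problem` and `generate_site_password` are hypothetical names, the sample passwords are constructed, and the check assumes it runs while the user has just typed their current password, since stored hashes cannot be compared this way.

```python
import re
import secrets
import string
from typing import Optional

_DIGITS = re.compile(r"\d+")
# Constructed alphabet for generated passwords (an assumption, not from the page).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"


def skeleton(password: str) -> str:
    """Drop every digit and fold case, leaving the reused 'base' password."""
    return _DIGITS.sub("", password).casefold()


def rotation_problem(current: str, candidate: str) -> Optional[str]:
    """Return why the candidate should be rejected, or None if it passes."""
    if candidate == current:
        return "unchanged"
    # Same base with different digits or letter case: the number was only bumped.
    if skeleton(candidate) == skeleton(current):
        return "variant"
    return None


def generate_site_password(length: int = 20) -> str:
    """Unique random password per site, drawn from the OS CSPRNG via secrets."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    current = "Harbor!Finch7"  # constructed sample value
    for candidate in ("Harbor!Finch8", "harbor!finch2024", "Harbor!Finch",
                      generate_site_password()):
        print(f"{candidate!r}: {rotation_problem(current, candidate) or 'ok'}")
```
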
A very well articulated article,
What bothers me when I set a universal password is the fact that I would be giving an easy opening to all my files to somebody who manages to break into any one of my accounts.
I am sure the current world and upcoming AI advances would be having better solutions to the creation of passwords and other security measures. The implementation of a retinal scan and/or fingerprint to access data might not be too far.
What are your takes on these possible solutions?
Hi Sunny, this was a really interesting and fun to read article. I have never heard of Menlo’s Security approach of blocking hacker code from deploying on local machines. I think that’s a novel and smart idea, and I’m curious to see if it will pick up further adoption in the cybersecurity field.