Bypassing The Password, Part 1: Windows 10 Scaremongering - InformationWeek

Comments
macker490,
User Rank: Strategist
4/20/2015 | 9:20:08 AM
Hacking happens AFTER you log on
Hacking happens after you log on: you get nailed by a drive-by shoot from some site that is suffering from "malvertising".  Or you click on an eMail you think you need but which is actually a clever forgery,-- called "targeted phishing"

once you are "pwned" you no longer know what your computer is doing

there are two things needed IMMEDIATELY in the area of Computer Security

(1) Use an operating system which will not allow itself to be compromised by an erratic application program,-- whether by error or by intent.

(2) AUTHENTICATE all transmittals, particularly software updates but also financial records such as forms 1040, online banking and the like, and also eMail

you need both of these fixes

running with the current popular software is much akin to driving down the Dan Ryan Expressway on your inner-tubes
jamieinmontreal,
User Rank: Apprentice
4/20/2015 | 10:38:44 AM
Password or Password Management issue
Joe, an informative and entertaining read thank you!   I agree completely that the issues we face with password security are nothing at all to do with passwords in and of themselves and everything to do with their management.   

I can't lay the blame on users choosing bad passwords or falling for Phishing attacks despite the undoubtable logic of that conclusion.   Humanity isn't a hard coded, logic based setup by any means - automation and policy implementation are valuable precisely because of this.

Better management tools, better policies and removing mundane but somehow stressful decisions from the day to day of those users on all systems is simply a necessity and - as you rightly point out - there are several authentication methods available to support increased security. What systems have you seen deployed that make the most sense?

I'm looking forward to the next in the series
shamika,
User Rank: Ninja
4/20/2015 | 11:39:30 AM
Re: Password or Password Management issue
"Many password reset methods can be problematic -- especially when those in charge of the resets fail to follow proper procedure and policy". Absolutely. I had a bad experience where I had to ask the IT team to reset my password since I have not followed the proper procedures.

 
shamika,
User Rank: Ninja
4/20/2015 | 11:46:20 AM
Passphrase
If we use the above mechanism when generating our password will it prevent us from hackers?  This is complex but still can remember easily.
mak63,
User Rank: Ninja
4/20/2015 | 4:22:59 PM
hope
After reading the Adobe paragraph, I was losing my hope to ever be secure of hackers. Luckily the author mentions the multifactor authentication and common sense. I think that's the best way to go.

Maybe Cortana can ask us a few questions as well. Just to be sure.
vnewman2,
User Rank: Ninja
4/20/2015 | 8:18:56 PM
Re: hope
All of the security breaches have one thing in common: human error. For instance, in the case of Target, it was a third-party vendor who had access to Target's servers and the attack was orchestrated using that vendor's credentials because SOMEONE didn't do their due diligence with regard to the vendor and the security measures THEY employ.

If you're going to let someone in your house, you best do the legwork on what goes on in THEIR house first.  IMO.
jamieinmontreal,
User Rank: Apprentice
4/21/2015 | 1:19:57 PM
Re: hope
Good points and worth noting that there's a difference between the passwords for one user on many systems (you and I logging in to our day to day workstations, applications etc) and the admin passwords where one system is being accessed by multiple users.

There are tools to cope with both and in the case of Target, the credentials with privileged access could have been managed so that the hacker wouldn't have been able to get in using the same password after their initial attempt. Given that the hacker was in there for months to get the info they wanted, it's reasonable to assume this could have been prevented.
jamieinmontreal,
User Rank: Apprentice
4/21/2015 | 1:26:37 PM
Re: Passphrase
@Shamika - think how a hacker gets in... either they steal a password through its careless reveal (post-it note on workstation, list of "secret passwords" on a stolen phone), brute force a weak password, phish / social engineer it from a user, keystroke logging, session monitoring...

Passphrase is certainly better than most passwords, but it shares some of the inherent weaknesses.

Multi-factor authentication is a little better still.
vnewman2,
User Rank: Ninja
4/21/2015 | 2:34:22 PM
Re: hope
@jamieinmontreal - Exactly! Completely preventable and one of those things that falls through the cracks probably all of the time. Most times it doesn't matter - no one would ever notice. This time it didn't matter - and WOW - what a costly mistake!
moarsauce123,
User Rank: Ninja
4/22/2015 | 7:35:27 AM
Passwords have one huge advantage
You can change a password quickly and easily...try that with finger, face, or iris.