Paying for your mistakes


viranimus

Thread killer
Nov 20, 2009
4,952
0
0
I have noticed in the wake of these hacks that many of the organizations who have been hacked have fallen prey to knee-jerk reactions and inappropriate responses.

One such example is that password conventions have yet again gotten more complex. So in some cases your new password has to be 8 chars long, letters, numbers, special symbols, blood of your first born, etc. I've had passwords for over a decade that haven't been compromised, but the accounts might have been compromised because of the organization's ineptitude.

So I am more than a bit confused. Is there a reason why the general public is being inconvenienced by corporate error and ineptitude? It sort of reminds me of how DRM protocols don't punish pirates, and really only punish legitimate buyers.

TL;DR: Should companies punish innocent individuals with inconvenience because of the organization's failure? And/or what ways could be implemented to fix the problem without having to add in measures that have no impact on the situation anyway?
 

leedwashere

New member
Mar 17, 2011
173
0
0
If it's coming from the corporate level, as in places voluntarily taking steps to make their online services more secure, then it's not really a punishment. It's the company being a responsible holder of private information because, as has been shown a lot recently it seems, the current norm is rather deficient in being secure. Better the people directly involved take the steps themselves rather than politicians stepping in and doing the same, or something dumber, through legislation.

I do understand however that there is very likely no amount of letters and special characters that would even closely resemble 'secure' to most of these groups... but I still think making it incrementally harder is better than throwing the hands up in the air and saying 'screw it, it's a losing battle'.

In the end it's just like every other crime in that people who want it bad enough will get it done regardless of the precautions, but that doesn't make it a good idea for security measures to ease off or become stagnant. The point is not to make it perfectly secure... just to raise the threshold of how badly people have to want it to put in the required effort to achieve.
 

bobmus

Full Frontal Nerdity
May 25, 2010
2,285
0
41
viranimus said:
One such example is that password conventions have yet again gotten more complex. So in some cases your new password has to be 8 chars long, letters, numbers, special symbols, blood of your first born, etc. I've had passwords for over a decade that haven't been compromised, but the accounts might have been compromised because of the organization's ineptitude.
The passwords thing is just good internet sense. Don't use the same password everywhere, and make them complex.

Otherwise it's a little like the whole shoes off at the airport thing - do the terrorists win if we must take our shoes off at the airport and leave our drinks in the bin?
 

viranimus

Thread killer
Nov 20, 2009
4,952
0
0
TheBobmus said:
Otherwise it's a little like the whole shoes off at the airport thing - do the terrorists win if we must take our shoes off at the airport and leave our drinks in the bin?
I do see what you're trying to get at, you make a good point. It's a logical thing to do. If your password is password you really shouldn't be upset at being faux hacked. However I have to disagree with that analogy. It's not comparing the same thing. Being checked at airports is done because it is a bottleneck where invariably such activity will have to flow through in order to proceed. Hackers are not gaining entry to the secure areas of network sites via individual user names & passwords. It's quite the opposite, they are gaining access to user names and passwords via secured areas of the site. Sort of like the individuals using the front door and the hackers using the service entrance.

I don't think we should give up on trying to protect our security. However I don't see the point in forcing individuals to encumber themselves with "security measures" that have nothing to do with the problem in the first place.