I’m going to buck tradition a bit here. Instead of focusing on what happened this year or what might happen next year, I’m going to focus my first column of 2006 on just a couple of issues that mean a lot to me: passwords and email security. I’ll preface what I’m going to say with […]
I’m going to buck tradition a bit here. Instead of focusing on what
happened this year or what might happen next year, I’m going to focus my
first column of 2006 on just a couple of issues that mean a lot to me:
passwords and email security.
I’ll preface what I’m going to say with just a bit of background. I’ve
been actively using computers since about 1981, and the Internet (or some
form there of) since about 1983 or 1984. In that time, very little has
substantively changed in the worlds of passwords and of email security.
The state of attacks against our systems, on the other hand, has changed
significantly during that same period of time. Let’s explore each of
these issues in a bit more detail.
Static, re-used passwords are without a doubt the status quo for the vast
majority of systems most people use on a day-to-day basis. In many cases,
these same static passwords receive little or no cryptographic protection
while they’re traversing the dangerous territory of the Internet. Users
themselves are notoriously bad at generating passwords that are difficult
to guess, and they’re equally predictable at using the same (or very
similar) passwords across multiple systems.
These facts combine to produce a rather potent attack cocktail: eavesdrop
on users’ passwords and then use those credentials to gain access to
further machines across each user’s domain of system usage. Now, combine
that with the fact that we’ve seen a rather significant upturn in attacks
that focus on the application (vs. the network or OS layers), and it
should give you an idea of just how vulnerable we’re leaving our business
applications.
Countering this, however, are the available solutions. One-time password
mechanisms in both hardware and software forms have been available for
some time now. Without a doubt, they go a long way to disarming a
significant class of attacks. So, why do you suppose they haven’t gained
more acceptance than in a few niche areas? The most common reasons for
not using them are cost, integration, and, most damning, user acceptance.
Even many Web-based financial service companies don’t require them for
their customers (although there are some notable exceptions, no doubt).
We’ve just got to find a better solution to the problem, and it has to be
perceived, from the CEO on down to the end user, as an enabling
technology, not a prohibitive one.
And then there’s email security.
When I first started using computers while studying mechanical
engineering in college, we were taught that computers were for computing.
Big mainframes for modeling differential systems in FORTRAN and the like.
When I first saw a computer on a network being used to communicate, it
had a profound impact on me that I’ve never forgotten. However, I had no
idea just how insecure the medium was at the time.
The email systems back then were pretty much the same as those available
today, at least from a security standpoint. Sure, there are encryption
and digital signature add-ons that can be used to make email more secure,
but they’re rarely used by the masses and are often perceived as the
domain of techno-geeks (like me, I suppose). As a result, spam, scams,
and phishing attacks are beyond being ‘simply’ rampant.
Those of you who read my February 2005 column (hi Mom) might recall I
talked about the need for authentication in email. It really does come as
a shock to many non-technologists that our email today has absolutely no
mechanism for authenticating the sender, for all practical intents.
Now, think about the ramifications of that statement a bit.
The usefulness of email is eroding rapidly — many would say it’s already
gone. When was the last time you received an email from… say, eBay or
Amazon and didn’t assume it was a spam or phishing scam? Many of these
companies have been the unwitting pawns in phishing attacks and have been
finding they can no longer effectively use email to communicate with
their user communities.
If we don’t start doing a better job at email security, email will die
entirely. Some will welcome that, but I sure won’t. That epiphany that I
experienced back in 1983 is still alive and well for me. Email may well
be the worst possible form of electronic communication, but it’s better
than all the rest. (With due apologies…)
And, to be sure, there are many other problems we should be working on,
but these two are rather important ones and we don’t seem to be making
much progress. Here’s to some substantive advances in 2006!
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
