This time of year you see a lot of ads that give you a front-row seat to the porch cameras versus porch grabbers playoff games. The field is composed of a porch, a highly technical doorbell that has a hi-res camera, and the package grabbers. Fun to watch only if you are the game winner. You may have noticed that new players and a referee made the playoffs this year.
Enter the hackers who don’t steal the packages but steal your privacy and instill fear and shock. If you saw the terrified young girl who had a hacker intrude on her bedroom camera with a horrible attack on her young innocent soul, you get it. Once this hit the news, the second new member of the playoffs stepped in to quell the storm: the referee. This ref had a simple answer as to who was to blame. The fans! The fans (in this case you, the user) were at fault for your “poor security practices”. So those who purchased the tickets (in this case a wireless camera) had fouled. (Read this news article to get the details.)
The funny cat and mouse games of gotcha! versus got-it! now got scary with hackers entering the game. And now we have a referee that calls foul on the fans. Does this make sense? Let me offer my personal opinion, which is only my opinion, and may be wrong.
I’ve worked in IT my entire career. A pet peeve is the paradox of an advanced technological solution, designed for a group of largely non-technical users, that leaves the user vulnerable.
Let me explain it in terms of what seems a no-brainer solution to the user’s “poor security practices”. You have a computer that interprets your actions (keystrokes in this case) when you choose a password. It likely even lets you know it is watching by showing whether it thinks your password is “weak” or “strong”, or “low”, “medium” or “high” on the password security scale. Yet the computer that knows best about security ratings lets you choose a “low” or “weak” password? Hmmm, who’s in charge here? Is it the technical people writing the software the computer uses to interact with you, or you, the non-technical user? You see the solution here? Force strong passwords! Technical company, please shamelessly steal this easy fix to solve the weak password problem.
But wait, on top of the poor password foul, the fans are also to blame for not using TFA. TFA (Two Factor Authentication), in plain English, is a way to further strengthen your security by adding a second layer of security. Technical companies know passwords are NOT secure alone. Again, the technical companies soliciting you as a fan to come to their game are the same people who know you really need a coke (TFA) with that hotdog (password). You see the second fix? Bundle the hotdog and coke. Or in this case REQUIRE TFA! Again, technical companies, please steal this idea to help your fans.
To sum it up: the best security practices can be enforced by the technical companies who know them best. Leverage your technical prowess to help your customers be safer. Let your fans enjoy the game and fire the damn ref!