I found it fascinating how the types of potential security breaches students mention change from semester to semester. In past classes, the issues surrounded viruses, spyware, worms, and other malware. During the past semester, the postings were on wireless issues (lack of encryption), server security, patch management, laptop (data-at-rest) and thumb drive security, social engineering, shoulder surfing, tailgating, identity theft, and dumpster diving. This semester, wireless issues and thumb drive security again seem to be the major concern. But I am pleasantly surprised that physical security issues (tailgating, improper key duplication and social engineering) and CAC card problems seemed to garner the most attention. This reflects a broader perspective of security beyond the intrusions from the World Wide Web.
Some students think that because of the exercise on alternatives to passwords, I am implying that passwords should be replaced totally. No, I am in favor of two-factor authentication, which typically includes a password or a PIN, particularly when dealing with portal entry. I am disappointed with passwords themselves, which are long, complex and impossible to memorize. And they say not to write them down. There MUST be a better system. I'm glad a few of you mentioned PassFaces, but that is still vulnerable to shoulder surfing!
Oh, yes, MISS RAMBO says...
3 comments:
Doc Pang,
I just now checked my Portfolio for the first time ever and saw your feedback to my assignments.
Is there a page that has past feedback from you or is this the first feedback I've had?
Sorry, there is no such page, but if you send me an e-mail I can tell you what I have in my notes.
Les
Sir,
Much like MISS RAMBO's comment, my wife about 2 months ago also forgot the password to the file where she keeps all her passwords. I'm not kidding one bit.
Chris