Un articol publicat de Roger A. Grimes în cadrul Infoworld.com pornește de la una dintre cele mai recente probleme dezbătute în presa de specialitate și nu numai, aceea a unui furt semnificativ de adrese de e-mail și a parolelor acestora. Astfel, un hacker de origine rusă a reușit să intre în posesia a peste 1.2 miliarde de adrese de e-mail și a conținutului acestora.
Una dintre cele mai importante probleme pe care le punctează Roger Grimes este aceea că indicatorii de securitate sau măsurile suplimentare pe care le propun cele mai multe dintre platformele online sunt utilizabile doar în anumite cazuri, iar ceea ce pare a fi extrem de sigur într-o situație, este greu de crezut că va merge și în alta. Iar dacă se iau în considerare formularele complexe de autentificare din cadrul website-urilor și cerințele lor de a accesa conținut doar după ce logarea a fost efectuată cu succes, utilizatorul simte o nevoie acută de a folosi mereu același tip de parolă simplă, pe care să poată să o rețină ușor, fără prea multe bătăi de cap și care să nu includă prea multe caractere sau semne distincte.
În concluzie, parolele lungi și puternice sunt inutile și nefuncționale, în cele mai multe dintre cazuri. și aici intervine soluția propusă de Grimes: trimiterea unei scrisori către prieteni sau către organizații, care să asigure, într-un fel, securitatea contului.
Dear friends and businesses,
There is a good chance that all of our Internet passwords are already stolen. In light of that assumption, let me share what the real me would not do, along with other hints. That way, if you get an email or commercial transaction supposedly from me, you'll be able to quickly separate the legitimate wheat from the rogue chaff. Here are my hints:
For businesses:
- I will not ever buy a product and have it shipped to another country.
- If I buy any product and ask you to ship it to anywhere besides my long-held home address, you have permission to call me on my long-held phone number to verify.
- I will never change my mailing address, phone number, and email address, then also transfer all my money to another bank within the same day, much less same Web session.
- You should never transfer all my money to another bank or country without first calling my long-held phone number.
- I will never sell all my stock, at a loss, and try to transfer the money to a foreign bank during the same day.
- I will not call you reset my online password and be unable to easily verify information such as my last transaction, purchase, user, or origination location of the last session.
- My debit and credit cards have my picture on them. If I'm buying in person, I should at least look like a little like my picture.
For friends:
- I will not ask any of my friends to run a new Facebook app.
- I will not email you or use Facebook to tell you I'm trapped in another country and ask you for money to rescue me.
- I will not ask you to look at this cool new website in an email without any other text that actually sounds like it is coming from me.
- I will never ask for your password or give you mine, especially over email or social media websites.
- I will never offer to give you some of my money if you give me your bank account details.
- I will never offer to pay you full price for your item and pay shipping.
- I will never offer to buy something from you and suggest my "personal, trusted escrow company" you've never heard of.
- I will never send you an email saying you'll have bad luck if you don't forward it to 25 other people.
- I will never tell you to sell me an item you're advertising on a well-known auction service by taking communications offline and bypassing all their protections.
- I will never send you an email from an email address you've never seen before and ask you to click on a weird link.
- My email address will always match the embedded email link behind the visible email address.
- I will never send you an email and tell you to run a program.
- I will not start a new Facebook page and invite you to friend it while still keeping my current Facebook page.
- I will not knowingly invite you to share your friend list to look at a video.
Sursa: infoworld.com
