Thinking About Your Password with Serge Borso

Artech House author Serge Borso gave us some interesting insights on your day-to-day internet security:

I recently had the opportunity to teach a SANS class focused on Web Application Security and during the course of this training I met some great people. It’s always exciting to make connections with other security-minded people, and in doing so I was actually invited to join a podcast as a special guest to discuss privacy, security and something very near to most of us: passwords. One of the most interesting things with passwords, specifically in the context of an account on a web application/website, is that we the user, in addition to the website, have a significant amount of responsibility in keeping our data safeguarded. Let’s quickly delve into what I mean by this…

First off, not all websites are created equal. The actual process that occurs when we create an account or change a password can be done with virtually no security (lack of HTTPS, no password hashing, no salting, weak password reset practices, username enumeration vulnerabilities, no 2-FA option, no account lockout, etc.) or the exact converse. The application is responsible for most of those controls, but it’s our responsibility to enable 2-FA when it’s available and to choose complex passwords that are unique to each site. The security and privacy of our information oftentimes centers around control; and while we can’t govern the security of the services we use, we do have direct control over certain elements of the process. If hashing, salting and exploiting enumeration flaws sound interesting, or you just want to learn more about cyber security, you should consider my book or other suitable resources in this genre.
