Premium email
Paying a premium for spam-free certification is a viable option for addressing email spam.
posted by Andrew Petro at 11:15 AM
0 comments
Friday, March 17, 2006
Thursday, February 16, 2006
Beware of cleverness
When you get that giddy feeling of doing something clever, it probably means you're doing something you shouldn't.
Using SSL to present a login page really is a good idea. Clever approaches to avoiding having to SSL your login page are a bad idea.
If SSLing a page that most users will not use to log in strikes you as expensive, stop embedding your login form in pages with other purposes and instead use a login button that delegates to a dedicated web sign-on application.
Using SSL to present a login page really is a good idea. Clever approaches to avoiding having to SSL your login page are a bad idea.
If SSLing a page that most users will not use to log in strikes you as expensive, stop embedding your login form in pages with other purposes and instead use a login button that delegates to a dedicated web sign-on application.
posted by Andrew Petro at 6:19 PM
0 comments
Sunday, January 22, 2006
Passwords do not security make
Risks to the Public cites Cingular's allowing customers to avoid having to enter their voicemail password when accessing their voicemail from their own hardware (with the ability to opt-in to this password requirement).
I think Risks is way too harsh on this worthwhile innovation.
I don't think it's nearly so clear. Firstly, the necessary privacy for voicemails is a spectrum distribution across users. There are some users whose voicemail needs to be very private. My financial advisor's voicemail message asks me to leave only a callback number. Some people presumably turn voicemail off entirely to prevent sensitive information from being stored in voicemail.
But my sister leaving me a message to call her, my mother reminding me to pick something up at the grocer, these things are not worthy of extreme privacy. In general I cannot think of a voicemail I've ever received that I wouldn't just as soon post to the web in public as an mp3, or even as something Googleable. And I don't think I'm alone in having very modest, or nonexistent, security needs for voicemail.
Security is not simply a "more is better" thing. It is a cost-benefit analysis, a tradeoff. In general, more security is less convenient and introduces failure modalities (forgotten passwords). I'm particularly impressed with Cingular here in introducing an innovation where end users are empowered to determine the appropriate security factors for their individual needs.
The critical factor to consider is not risk, but marginal risk. How much less secure is eliminating a pathetically short password from a relatively secure personal hardware device?
A sober analysis of the marginal risk would lead me to turn off the password for accessing voicemail from my own handset. If the Adversary gets at my cell phone, how much additional pain do I experience if, besides my address book and call history, he also gets at my voicemail? Not much, I suggest.
An additional risk here is that the Adverary might succeed in masquarading as my cell phone device and thereby access my voicemail, whereas with the password in place merely appearing to be my device would be insufficient. But again, if you steal my voicemail, you won't find anything worth stealing.
My expected annoyance of a lifetime of typing in a pointless password is greater than my expected annoyance of having my voicemail hacked because of some marginal risk.
I suspect that for some people, eliminating the voicemail password would actually improve security. Consider the user that re-uses that same PIN for an ATM card, a credit card, or a phone card.
Often we best secure by reserving security for the things truly deserving of security.
I think Risks is way too harsh on this worthwhile innovation.
The risks are obvious -- to everyone except decision-makers at Cingular.
I don't think it's nearly so clear. Firstly, the necessary privacy for voicemails is a spectrum distribution across users. There are some users whose voicemail needs to be very private. My financial advisor's voicemail message asks me to leave only a callback number. Some people presumably turn voicemail off entirely to prevent sensitive information from being stored in voicemail.
But my sister leaving me a message to call her, my mother reminding me to pick something up at the grocer, these things are not worthy of extreme privacy. In general I cannot think of a voicemail I've ever received that I wouldn't just as soon post to the web in public as an mp3, or even as something Googleable. And I don't think I'm alone in having very modest, or nonexistent, security needs for voicemail.
Security is not simply a "more is better" thing. It is a cost-benefit analysis, a tradeoff. In general, more security is less convenient and introduces failure modalities (forgotten passwords). I'm particularly impressed with Cingular here in introducing an innovation where end users are empowered to determine the appropriate security factors for their individual needs.
The critical factor to consider is not risk, but marginal risk. How much less secure is eliminating a pathetically short password from a relatively secure personal hardware device?
A sober analysis of the marginal risk would lead me to turn off the password for accessing voicemail from my own handset. If the Adversary gets at my cell phone, how much additional pain do I experience if, besides my address book and call history, he also gets at my voicemail? Not much, I suggest.
An additional risk here is that the Adverary might succeed in masquarading as my cell phone device and thereby access my voicemail, whereas with the password in place merely appearing to be my device would be insufficient. But again, if you steal my voicemail, you won't find anything worth stealing.
My expected annoyance of a lifetime of typing in a pointless password is greater than my expected annoyance of having my voicemail hacked because of some marginal risk.
I suspect that for some people, eliminating the voicemail password would actually improve security. Consider the user that re-uses that same PIN for an ATM card, a credit card, or a phone card.
Often we best secure by reserving security for the things truly deserving of security.
posted by Andrew Petro at 1:28 PM
0 comments
About Me
- Name: Andrew Petro
- Location: Chandler, Arizona, United States
I'm a transplanted Midwest kid educated on the east coast and employed here in the East Valley.
Links
Previous Posts
Archives
