A recent Microsoft study claims that frequent password changing does nothing to improve security. Over the years I’ve stated that hassling or annoying end users will lead to them choosing not to use basic computer security. That is also what this most recent discussion regarding this study will do. People will read that all security advice is useless and will stop using common online safety measures. It’s hard enough to get people to be smart about protecting their data online. This becomes an even harder task when end users think supposed experts are stating security methods are pointless.
Even after reading just the first part of the article, I know the study doesn’t state security is worthless. But your average person will tell you that is exactly what they are being told. In the past I have criticized well-known online personalities for promoting this same mentality. I don’t think many in the online community take their responsibilities as seriously as they should. Most computer users take even less responsibility. From what I’ve seen most people don’t think computer security is important. They also don’t seem too concerned when reports of online companies ripping off customers surface.
Constantly being told to change passwords of course doesn’t encourage end users to embrace security. Forcing people to use secure passwords also doesn’t make them happy to join the cause. A good percentage of the online community use lousy passwords. This is a proven fact. So practices at the business level have been put in place to try and address the issue. I think most would agree this has had mixed results.
Biometrics is a technology that is supposed to help ease user frustration. Personally I’ve not seen this form of security widely adopted. Then again I don’t work for a large corporation. So maybe some have embraced this new method. Consumer products have been out for several years. I have yet to come across anyone who uses these solutions.
I’d agree that trying to educate users seems to be a lost cause. I know I’ve tried to guide many people in the right direction with minimal success. As security software has evolved, less user interaction is needed. I feel this has helped to get more antivirus and firewall protection installed. Years ago these basics were harder to get in place. More people are willing to have these products installed because they are presenting less hassle.
Many would argue that security would be needed less if operating systems were hardened against attack. There have been improvements but it’s unlikely you will ever have software that is completely foolproof against exploit. The weakest link will always be the person using the software and hardware. Nothing is gained towards improving their abilities by telling them security is basically worthless.
Open dialogue is always good. But in many cases your average person doesn’t fully hear what is being said. They take snippets of a conversation and then take this as fact to back up their beliefs.
Here are the stories that got me talking about computer security once again. While some of the information from the study is worthwhile, it should be kept in mind that good computer security keeps more than just your machine safe. Data theft has made cybercrime very profitable. Don’t make the job of malware writers and thieves easy. Take basic steps to secure your computer.