Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
eroberts

Why Changing Your Password Isn’t Enough

by Juniper Employee ‎07-19-2012 02:08 PM - edited ‎07-19-2012 02:08 PM


Today another web security breach occurred as hackers announced they have compromised 50,000 accounts from ITWallStreet.com, a website for IT professionals looking for jobs or working with Wall Street firms. Those covering the story will fixate on how this breach occurred, what techniques the hacker used and what the end user should do to protect themselves. While that is all valuable, the bigger question is: Who should be held responsible for protecting our online information?

 

The problem is simple. Organizations have rushed to put websites up in order to improve the customer experience and create valuable online brands and businesses. With this convenience, consumers have willingly given up valuable personal information with the implicit understanding that the organization is going to keep that information private and secure. Unfortunately, online businesses often focus on building features and capabilities and typically leave data security as an afterthought.

 

As a result, the majority of websites have very little in the way of protection from hackers. Exacerbating the problem, there are few legal requirements for protecting a website – unless there is a credit card involved – which leaves companies with no strict obligation to protect your data.

 

As a result, hearing about breaches in the press is becoming the weekly norm.

 

So what happens when websites like LinkedIn and Yahoo are breached and our personal information is exposed?

 

It’s simple: we are told to change our password. But this new web security mantra requires consumers to fix the problem for the organization. This is a broken model.

 

Consider this: businesses in your town are burglarized. As a precaution, because you are a customer of one of those businesses, the business TELLS YOU to change the locks on your home in order to protect your information. In reality, numerous measures must be taken to ensure a more secure business environment, from improved locks and alarm systems to additional streetlights, increased security patrols and the establishment of a neighborhood watch.

 

So what is being done to clean up the web neighborhood and make stealing from an online business more difficult?

 

Changing our password cannot be the only hope for protection.

 

Today's breach from ITWallStreet is even more interesting and embarrassing. Personal information about people's lives, including confidential job searches, references and salary information, is exposed. Changing a password in this case will not fix the problem at all.

 

We are trusting these companies to look after our most sensitive information, and that requires a higher standard of security. If data is unprotected on most websites and organizations are rushing to make more data accessible on the Internet, it won't be long before hackers release lists of people with criminal records, health histories or detailed financial information.

 

This requires a major shift in the way the industry secures and protects these company sites and ultimately, people’s information. Or we could just keep changing our password?
