Members of Stanford Law School’s Center for Internet and Society have published some blogs recently (Nov 13 & Dec 12, 2013) regarding phone metadata and connectedness of individuals via phone calls based upon NSA standards for searching/parsing data about phone calls (from declassified NSA documents). The blogs do not assert that the NSA bypassed legal requirements… Continue reading Kevin Bacon & the NSA
Password Managers
Password Managers and Post-It Notes
Annoying or funny vignette?
As a security professional at a Fortune 500 I can tell you that few security professionals in a mature enterprise want to spend the resource hours to police where you keep your passwords. It’s a wasted investment. I’d rather give you better options & make doing “the right thing” (more appropriately, “the more secure & effective process”) easier for all users.
Moral: incentivize the behaviors you want.
In the corporate world, single sign-on (#SSO) or federated identities are enabling capabilities we target, but given the lack of commoditization in this industry, pricing for these abilities can be prohibitive (see #Okta or #OneLogin). This functionality will reduce in price with age & competition. The capabilities delivered securely will always cost, though, as any worthwhile business enabler does.
For personal use I’m a fan of LastPass. You can set it up with a YubiKey from Yubico as well.
Security & Risk Mgmt as Partners
Don’t be an Ostrich, remediate issues | CSO Blogs
Good article. Here’s the best excerpt if you don’t want to read the whole article.
“For a security program to be successful there needs to be backing from senior management. They need to support their staff. Enable security with the ability to execute and provide a safe framework for the enterprise to operate within. Security needs to be seen (and act) as a partner within an IT organization instead of an adversary. When half measures and evasion are relied upon by IT groups rather than doing things right the first time, everyone suffers at the whim of the law of unintended consequences. It is far simpler to fix the problem in most cases than to waste energy trying to avoid it.”