
Security or Complexity? Don’t confuse the two.

December 7th, 2009 by Carpathia Hosting
Tags: Security, Risk Mitigation

So, I recently learned of an organization that is imposing new password parameters. You might want to sit down for this: the password MUST contain 3 uppercase letters, 7 lowercase letters, 2 numbers and 5 special characters. Secure, right? Wrong. It’s this kind of password policy that guarantees you will find each user’s password on a sticky note under the keyboard.

Or how about this: Client A sets up some very convoluted access policies for their systems at HostCo. Keys to the cages where their servers are kept are in safes that require a combo lock and a key to open. The armed HostCo guards have the safe combo while the HostCo SysAdmins have the safe keys. Sounds pretty secure, yes? Not really – it only takes compromising one employee of one company to get to the systems (you can probably figure out which one).

I am certain that you have also experienced “security” measures that give the illusion of security but are really only overly complex. This is a real danger to your data’s security. The more complex you make a process or procedure, the more likely someone will find a way to circumvent it while creating the illusion of compliance.

Let’s take the password example - according to their standards, the following is perfectly acceptable:

ZXCasdfghj12!@#$%

According to Microsoft’s password checker, this is a very strong password, and it’s easy to remember. But is it really secure? Not if everyone uses it or if someone is looking over your shoulder (the keystrokes are VERY easy to follow).

According to the same checker, J@ySm1th25896! is just as strong. If I am Jay Smith and my ZIP code is 25896, it’s easy to remember and is not as easy to follow if someone is looking over your shoulder.
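
The gap between satisfying a composition rule and being hard to follow over the shoulder can be measured. The sketch below is an added example, not part of the original post: it checks the 3/7/2/5 rule quoted above (read as minimum counts, an assumption) and reports how much of a password is a run of neighbouring keys, assuming a US QWERTY layout; all function names are made up for illustration.

```python
import re

# Composition rule quoted in the post, read here as minimum counts (assumption).
POLICY = {"upper": (r"[A-Z]", 3), "lower": (r"[a-z]", 7),
          "digit": (r"[0-9]", 2), "special": (r"[^A-Za-z0-9]", 5)}

# US QWERTY rows, unshifted then shifted (layout is an assumption of this example).
ROWS = ["`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./",
        "~!@#$%^&*()_+", "QWERTYUIOP{}|", 'ASDFGHJKL:"', "ZXCVBNM<>?"]
# Map every character to its physical key: (row, column), shift state ignored.
KEY = {ch: (r % 4, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def meets_policy(pw):
    """True if pw has at least the required count of every character class."""
    return all(len(re.findall(rx, pw)) >= n for rx, n in POLICY.values())


def walk_runs(pw):
    """Split pw into maximal runs of horizontally adjacent keys on one row."""
    runs, cur = [], pw[:1]
    for prev, ch in zip(pw, pw[1:]):
        a, b = KEY.get(prev), KEY.get(ch)
        if a and b and a[0] == b[0] and abs(a[1] - b[1]) == 1:
            cur += ch          # same row, neighbouring key: the walk continues
        else:
            runs.append(cur)   # walk broken: start a new run
            cur = ch
    return runs + [cur] if cur else runs


def walk_fraction(pw, min_run=3):
    """Fraction of characters that belong to a keyboard walk of min_run+ keys."""
    if not pw:
        return 0.0
    return sum(len(r) for r in walk_runs(pw) if len(r) >= min_run) / len(pw)


if __name__ == "__main__":
    for pw in ("ZXCasdfghj12!@#$%", "J@ySm1th25896!"):   # the post's two examples
        print(f"{pw!r}: policy={meets_policy(pw)} runs={walk_runs(pw)} "
              f"walk={walk_fraction(pw):.2f}")
```

A policy that wants to reject the first example has to look at structure like this, not at character-class counts.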

 

The point is that security measures can be strong and not involve the Headless Chicken Dance.
