Security Weak Link, Humans

Forum Moderators: open

Message Too Old, No Replies

Security Weak Link, Humans

engine

4:39 pm on Nov 6, 2019 (gmt 0)

Site security is an issue for webmasters and users alike, but, when I was reading about a non-technical security issue, [webmasterworld.com] it reminded me that one of the weak links could be employees, either deliberately, or inadvertently revealing details to a bad actor. It can happen as a single record, or as a database.

I realize we shouldn't reveal our own tactics for preventing data being revealed, but it's worth a reminder to raise the bar to make it more difficult for accidental data release. Theft by an employee is entirely different, and i'm not sure how that can be prevented 100%.

RhinoFish

7:55 pm on Nov 6, 2019 (gmt 0)

Intentional acts are a problem, but a small one.

The people logging in using http on public wi-fi or the passwords they use... one of the big hacks in the last year, the company used admin / admin as a user / pw combo... Users, in my experience, are the biggest threat to security.

If you use the same password in more than 1 place, you too, are part of the problem. :-) How are we going to enforce that? Hahaha!

I use long, random, unique passwords via login tool, and many login pages seemed designed to not welcome secure users like myself, they're unfriendly to pw tools like logmein and roboform. My gmail logins do this too, so I'm not talking about some small mom and pop firm. Secure users should be rewarded, insecure ones punished (or blocked from services). Our security is most often compromised by our fellow users and admins. Humans are def the weak link! :-)