Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

steve2470

(37,468 posts)
Fri Sep 22, 2017, 09:07 AM Sep 2017

Question about cybersecurity

Hi all,

I'm no expert on cybersecurity, so please be patient with me. It seems that every day, a new disclosure of a hack comes out. The SEC was hacked. We all know about the Equifax debacle. The list goes on and on.

I know *some* information must be kept online, but a simple (but maybe unworkable ?) solution is to take a lot of the super-sensitive information offline or make it even more difficult to access online somehow (2 factor authentication, etc).

You all in IT, please tell me the practical problems. It almost seems as if we need to go back to sneaker-net with a lot of sensitive information. Thank you in advance!

Steve
your happy CHaS host

3 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Question about cybersecurity (Original Post) steve2470 Sep 2017 OP
Hacks happen on purpose when it benefits the hacked. earthshine Sep 2017 #1
this article addresses my question steve2470 Sep 2017 #2
Thoughts... BadgerKid Sep 2017 #3
 

earthshine

(1,642 posts)
1. Hacks happen on purpose when it benefits the hacked.
Fri Sep 22, 2017, 09:24 AM
Sep 2017

Equifucks tried to make a business model out of this.

The execs benefit by selling their stocks high before the value falls.

The company benefits more from a world where data is insecure and can sell subscriptions to people who have to constantly check their credit reports.

The FEC admits that the info was used for insider trading.

Follow the money. This all happens by design.

BadgerKid

(4,679 posts)
3. Thoughts...
Sat Sep 23, 2017, 08:23 AM
Sep 2017

The Yahoo hack years ago (which one, right?) spurred me on to use two-factor authentication (2FA) for personal accounts. Short of 2FA, your best bet is a long passphrase. The use of multiple character classes in passphrases is good but not as necessary for sufficiently long passwords ... I'm guessing somewhere over 10-12 characters long. There are web sites discussing the crossover point. The use of a unique passphrase for each online account is best. Make use of secure (https) connections where possible. Changing your passwords regularly, while annoying, does help; in the event that archived user account data is hacked or stolen, you don't want those passwords to be valid. That's another reason for unique passphrases across all your accounts.

There are things on a provider's end that we cannot control. Some have a maximum passphrase length like 8 characters, and then there's the 4-digit PIN like those used on bank ATM accounts and smartphones. That's weak regardless of mixing lower case, capitals, numbers, and punctuation. There's also the issue of how passphrases are stored. Clear text is obviously bad; hashes are appropriate. If hashes are used, then the hashing algorithm ought to be sufficiently advanced. Fortunately, many web sites deactivate your account after too many failed attempts, forcing you to reset using email and/or security questions. That's another reason to have 2FA.

Latest Discussions»Help & Search»Computer Help and Support»Question about cybersecur...