Archive for September, 2010
Apparently, people aren’t as leery about dealing with “shady characters” as you might think. Carnegie Mellon University recently concluded a study in which they found that people were less likely to reveal things to websites that look official (even when that’s just a matter of what logo’s used) than to one that looks like it might be run by people who’ll abuse your trust.
That’s really important for people who want to run honest businesses, as odd as it might seem. Even though I’m not a psychologist, I’d say that the reason the study had the results they did is that people have, for whatever reason, an inherent distrust of anything they perceive as “The Man”, while they don’t mind sharing anything when they feel they’re sharing it in confidence like they would to a friend.
Obviously, no honest site wants to look like they’re only there to use people’s data to rob or defraud them. However, this would seem to indicate that they shouldn’t look too polished, either. If people are more ready to share things with a site that looks dubious than with one that looks official, it’s safe to assume that they aren’t willing to risk anyone in a position of authority to coming after them as much as they are willing to risk being robbed.
This ties in to the issues of online safety raised in previous posts on this blog on the second and eighth. People who’ve spent their entire lives in the Internet age are generally more trusting with their information, in whatever form, than people who remember life before computers talked to each other as a matter of course. And nobody wants to deal with a lot of the extra steps they have to take when dealing with some sites that are supposed to be safer because of the extra, proscribed measures they take to that end.
So, for a company to be successful at getting all the information it wants, you apparently need to buddy up with people rather than look like you’re certified and approved. I can’t say that I like that idea, because it’s hard to tell the online company that’s your buddy from the identity thief that’s just looking for a way to get into your bank account. Whether this will lead to an epidemic online, though, I don’t know yet.
Everyone understands how important it is to keep your information secure online. If you don’t you could find yourself faced with anything from someone using your name to flame someone you’ve never heard of before all the way to stealing your identity and your credit cards and your bank account. There are plenty of people out there who are perfectly willing to harm others in the name of getting what they want, no matter what that is, and you’re more readily exposed to them on the Internet.
The general assumption is that you need an outrageously complicated password as the first line of defense against this. However, it’s recently been suggested that this isn’t the case. It’s recently been suggested that removing just about all restrictions from what possible passwords are allowed would do a lot more to protect people’s information than keeping things complicated would.
The immediate answer has been that people can just use “brute-force attacks” to try all possible letter and word combinations, so you need something that’s going to take longer to reach than the attacker is willing to spend. However, there’s a problem with that argument:
These people are willing to spend all the time in the world, because the payoff is potentially extreme.
So, it’s a lot better to have systems in place to stop that kind of attack than to try to just hide from it. It doesn’t matter how well you disguise yourself, sooner or later someone’s going to send a virus or something after you because the skilled ones are able to send programs out to float around the Internet and do all the work for them.
Obviously you shouldn’t make your passwords easier to work out – if you’re on a given website, making your access code that website plus some number is always going to be a bad idea. So is making it something you’ll never remember, so that you have to write it down. That can make it easy for someone to just stumble across, especially if they’re already rifling through your things to rob you.
Ultimately, keeping your information safe online is going to come down to the quality of the security software of the site where you’re keeping it, rather than to how complicated your password is. It’s possible, with the right hacking skills, to get into the account without using the password at all.
It isn’t possible for everyone to create their own unbreakable security online, because everyone would have to be computer experts – a definite impossibility. So, you need to make sure that you don’t put anything important on sites that aren’t rock solid to begin with, and to get a good security software installed on your computer.
Most notably, the websites with the best track record for this allow for far fewer restrictions on what passwords you can use. That can actually do more to hide you in a broader selection of possibilities, so that you actually stand a better chance all around of withstanding online attacks.