National Internet Safety (and Security?) Month, MAAWG, and Passwords

The United States Senate passed a resolution in 2006 stating that June is National Internet Safety Month. The idea is to prompt Internet safety discussions between parents and kids—but why not expand it to include IT, users and security? Identity-theft protection, not sharing too much personal information, phishing awareness and Internet defense are all topics to encourage this month.

In the wake of all the breaches we have encountered of late, it is worth calling users’ attention to the fact that information sharing is often optional; it just doesn’t always appear to be optional. By default, companies today ask a lot of questions about you, and that information gets stored somewhere and—as we have recently seen—it is not always stored very securely. So encourage users to think before giving away names, addresses, birthdates and other such information.

This week I had the honor of being invited to a few sessions during the Messaging Anti-Abuse Working Group’s (MAAWG) 22nd General Meeting. Held in San Francisco, the meeting focused on the future of online messaging, with multi-track sessions on a variety of anti-abuse topics. The meetings are held three times a year, are open to members only, and much of what is covered is confidential (read: no press allowed). The group does valuable work and is a great resource.

The keynote by Dr. Markus Jakobsson, principal scientist, consumer security with PayPal and active MAAWG member, offered suggestions on how to improve the user authentication experience. Also in attendance at MAAWG this week was Osterman Research, Inc. Analyst and President Michael Osterman. So as not to duplicate efforts, please read Osterman’s highlights of Dr. Jakobsson’s talk in his write-up entitled: Making Passwords Easier to Remember and More Secure. I recommend you take the time to review Dr. Jakobsson’s advice on passwords, which Osterman shares; it is interesting reading and research.

A key point Dr. Jakobsson makes is that users should make passwords from what he calls “fastwords” that boil down a story into three words. These words on the surface seem very random, but to the user these select words are meaningful because they tell a tale, which aids in password recall success.

Another password memory recommendation, similar to Dr. Jakobsson’s advice of telling a story, is to come up with a password with which you can make clear associations or phrases. Traditionally, a strong password is one that contains both uppercase and lowercase letters, numbers and symbols. For example, take this password: Hmkw?Aba4g! A user could remember it by: How many kids won? A boy and 4 girls! These kinds of tricks make remembering passwords much easier. As Dr. Jakobsson points out, people hate passwords, mostly because good passwords are hard to remember.
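The phrase-to-password trick above, written out as an added example (not from the original post or from Dr. Jakobsson's talk). The function names are assumptions; the rule is the first letter of each word, with numbers and punctuation kept, followed by a check against the four character classes named in the paragraph.

```python
import string

def mnemonic_password(phrase: str) -> str:
    """Collapse a memorable phrase into a password: first letter of each
    word (case preserved), whole numbers kept, trailing punctuation kept."""
    out = []
    for token in phrase.split():
        core = token.strip(string.punctuation)
        # Punctuation that follows the word, e.g. the "?" in "won?"
        trailing = token[len(token.rstrip(string.punctuation)):]
        if core.isdigit():
            out.append(core)        # "4" stays "4", "12" stays "12"
        elif core:
            out.append(core[0])     # "kids" -> "k"
        out.append(trailing)
    return "".join(out)

def missing_classes(password: str) -> list:
    """Return which of the four traditional character classes are absent."""
    checks = [
        ("uppercase", any(c.isupper() for c in password)),
        ("lowercase", any(c.islower() for c in password)),
        ("digit", any(c.isdigit() for c in password)),
        ("symbol", any(c in string.punctuation for c in password)),
    ]
    return [name for name, present in checks if not present]

if __name__ == "__main__":
    # The phrase is the one used as the example in the text.
    phrase = "How many kids won? A boy and 4 girls!"
    pw = mnemonic_password(phrase)
    print(pw, "missing:", missing_classes(pw))
    # A constructed phrase with no capitals, numbers or punctuation
    # yields a password that fails the traditional rule.
    weak = mnemonic_password("how many kids won a boy and girls")
    print(weak, "missing:", missing_classes(weak))
```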

So while it is National Internet Safety Month, June might be a good time to share with your users the concept of Dr. Jakobsson’s “fastwords” to help with password recall, or perhaps to remind users to think before sharing too much personal (or company) information on blogs or social networks. Or maybe remind people to go home and tell the kids what phishing means, or that it is easy to hide one’s true identity online.

Dr. Jakobsson believes that to really reach users we must first get their attention and motivate them, and then give meaningful advice that is actionable. “To be boring is not good,” says Dr. Jakobsson. “Be attractive to users and do not ask them to do anything that is too hard or complicated because they will not comply.”

Malware, crimeware and other Internet hooligans are so creative and often appear very attractive to users. Internet safety and security today is something we all need to be aware of, because buttoning down a network so that it is impervious to attack is increasingly difficult; some might say impossible. Even companies like RSA Security and Lockheed Martin, which put a premium on security, can be victims. Perhaps National Internet Safety Month is the time to get creative in sharing online dangers and risks to get your users interested in security and online safety.