A Business Technology Place

Got Password? Can Microsoft simplify?

Who makes the rules?

Hackers love them. Security auditors like to engineer them. The average person hates them. IT support teams use them for jokes. Our computer passwords have an identity crisis! Do passwords protect us or are they just a nuisance to our everyday lives? I find weekly articles about how hackers can crack most passwords in minutes. For some thieves, cracking a password isn’t enough fun, so they just steal them. It seems the value passwords bring for protecting information is diminishing.

Industry experts created password complexity rules we should all follow to make passwords more secure. That makes it a little harder for hackers to crack a password but does not make them theft-proof. Unfortunately, it also drives many people without a password system to write down their password on paper. Who can remember words with all those special characters and capitalizations? In essence, the rules meant to make users more secure made their systems less secure.

Businesses implement password complexity rules to meet a couple of constraints: a security control they are given and limitations from the software system they are using (e.g. field length, characters allowed). The result for all of us is an inconsistent set of rules to govern passwords for all the systems we use. Is it 8 characters or 10? Does it require special characters? Can I reuse a password I used two years ago?

What you know and have.

Several years ago, a popular method for authentication security was created to offset the weaknesses of a single password system. Two-factor authentication is based on the idea of something you know and something you have. So for example, I know a password and I have a phone where you send me a second code. Or I know a password and I have a physical security card I can tap or read.

Now, Microsoft is experimenting with removing the password requirement completely. Their new system would make life easier for their customers because it doesn’t require a pesky password for data access. Well, kind of. It requires a PIN from the phone to get access. I see this as a hybrid two-factor authentication. Something I know, my phone PIN. Something I have, my mobile device. If I lose or misplace my phone, they say there is an option to revert to a standard password. Would you use this?

Human behavior.

Protecting data with authentication systems is a good study in human behavior. We protect the data because we don’t want others to see it. We protect access because some people steal data. We develop authentication systems that try to find a balance between human usability and password complexity. I can see this as a college class. Psyc 231 – Human behaviors for data access and protection.

Got password?

Photo Credit: Thomas Au via Creative Commons. https://flic.kr/p/dT3HaA

 

Roku 3 stuck on update from 5.6 to 7

I solved a problem with a Roku 3 update this past weekend. The Roku box was a freebie from my internet provider when I signed up for their streaming service package. The initial setup worked fine, but after a few weeks the system froze. I had to power cycle the unit to get it back online. After a second freeze, I checked manually for system updates. At this point the online prompts told me there was an update available to version 7 of the Roku OS. It looked like the update successfully applied. However, after a reboot, the system went back to version 5.6.

The solution I found was to do a factory reset of the device. During the reset the system automatically updated to version 7 of the Roku system software. I did have to re-authenticate with my Roku apps, but that was much better than the system freezing and I’m happy the Roku device isn’t defective.

Click-to-run video and ad content in 2017

Most of the time when I browse and consume content on internet pages I’m trying to scan and read. Ads and videos that automatically start playing are more of a nuisance. They produce noise, delay the page from loading, and require that I scroll through the page to stop them. Last year I disabled Flash Player content from playing automatically in my Chrome browser by disabling the plugin in the settings.

To do this, type the following in the web address bar: chrome://plugins/

Then disable the player but make sure the box is checked to allow it to run.

Now a page that has videos that automatically load displays this

Microsoft, Google, and Mozilla have announced plans to disable Flash by default on future releases of their browsers. The reasons that drive this decision are performance and security. I’d like to add nuisance reduction as well 😉

 

Onward and upward!

Compete or get left behind

Ack!

This story about Eugene Kaspersky complaining about Microsoft including antivirus software with Windows 10 touched a nerve. I had flashbacks to the litigation against Microsoft and Internet Explorer bundling in the late 1990s. Fast forward 16 years from the browser showdown and we see that Internet Explorer is currently only the third most widely used browser in the market. That doesn’t sound like a monopoly to me.

Could there be parallels to this story and a lesson for Kaspersky? What happens when like products compete on value, ease of use, and reputation in the marketplace? There’s plenty of room for competition in the antivirus software market too. Will the best antivirus packages step forward?

Microsoft

In my experience helping friends with personal computer issues at home, I found that most have the antivirus installed that was bundled with the computer. But typically the free trial subscription has expired. That’s certainly not a scientific study and my sample size doesn’t register as adequate. But I’m guessing many people are like that. Microsoft is helping consumers that are not tech savvy by providing automatic antivirus updates and a base level of protection. I see this as a good thing.

Competition

There is opportunity for other competitors in this space. Just like the browsers in the late 1990s, companies may have to rethink how they connect with customers. The topic of computer viruses is touchy and consumers are wary of a barrage of pop-ups asking for money and subscription renewals.

So let competition find the real players. Build something better. Build something simple. Build something that adds value and builds a reputation of trust.

Onward and upward!

 

Photo credit: Intel Free Press via Creative Commons