11:39 Microsoft has calculated change passwords unprofitable | |
| One of the basic safety tips - regularly change their passwords on different sites - is not correct from the standpoint of the user. Cormac Hurley (Cormac Herley), one of the leading researchers in Microsoft Research, published a paper in which the calculations are given by the ratio of effort and benefit from changing passwords. It turned out that this procedure will ultimately not beneficial to the user, as well as some other procedures on safety, writes the NY Times. In fact, many regular users feel it intuitively. If they have some valuable information, then why waste time and energy to defense. Now Microsoft has confirmed it officially. Security experts have long called for the formation of users and improve their literacy. Hurley argues that such an approach is fundamentally wrong. "Most of the safety tips just offer the user an unfavorable ratio of benefits to costs" - writes Cormac Hurley. According to him, are particularly stupid security measures at many sites. For example, if the sites need to periodically change your password. It is hard to imagine that know the password the attacker will wait until the password change. That is, in case of theft of the password change is almost useless, because if hacking was possible, he would have already occurred. Hurley believes that some other security measures are also disadvantageous for the user transaction, including the reading of messages in the browser on the site expired certificates when the majority of these messages do not represent a threat. According to lead researcher Microsoft, ordinary people are forced to take too many steps to protect your own computer. He said that when security measures are not met, the security experts used to talk about literacy of users, but they usually do not include the cost of their time. In their view, the user time for free. In reality, people simply unprofitable to comply with most of these complex procedures. Hurley leads such a calculation: if you take close to the minimum cost of wages, one minute a day, every day spent 200 million U.S. users, costs society about $ 16 billion a year. That is the price of requiring security professionals to comply with their procedures. It's too much. For example, annual losses of banks from phishing is about $ 60 million if forced to bank customers to spend at least a few minutes to protect against phishing, the cost of protection in the tens of times greater than any possible damage. These costs are partly borne by the banks themselves and who are forced to introduce new services and provide technical support to users on the new procedures. As a result, defense costs many times greater than the damage. Research Hurley was published at a hearing on computer security at Oxford University last autumn (PDF), but broad discussion among specialists in this theory began about a month ago after an article in TechRepublic. | |
|
| |
| Total comments: 0 | |