- Joined
- Dec 8, 2009
- Messages
- 453
- Reaction score
- 10
- Points
- 18
- Location
- The same as Sheldon Cooper - East Texas
- Your Mac's Specs
- iMac 2014 i5 5k 32gb 1tb fusion, second TB display, 2014 MBA
If I had anything to do with an IT department now, the first questions at the monday morning meeting would be about security. Are all patches on, has every server been checked to see if one is missed, firewall up to date and so forth. Seeing the chaos of someone heisting a data file from just a game company, what is going to happen when a group penetrates the Federal Reserve or the core of a major bank. (You know. One that is Too Big To Fail.)
I have used an online trading company for years, and they have good security - at least on the customer end. My password there is massive and uses weird characters seldom seen outside of a programming script. And they tend to get paranoid if they see a different PC accessing the same account.
So, I needed to create an account at another one of the largest mutual and stock trading companies in the world. More to the point, they have a lot of my money. Everything went great until I fed it the new password that I had made up. One guaranteed to resist the cracking attempts of the new quantum computers that the hackers will soon have.
A problem. Error! No special characters are allowed! WTH? That is a security 101 item.
Ok, I'll brute force it by making a really long one.
Error! Sorry, passwords have to be twelve characters or less. That floored me. That is a security kindergarden no-no.
So, we have a company who does most of their business with customers via the Internet, holding a trillion dollars of customer's money (not all of that is mine) and requires their users create a password that would stand up against a single PC with a rainbow table for how long? 1 second? 5 seconds? 8 milliseconds?
An email to the company asking how long it had been since their chief security officer had gotten his GED has gone unanswered.
But my money is leaving them as fast as practicable.
I have used an online trading company for years, and they have good security - at least on the customer end. My password there is massive and uses weird characters seldom seen outside of a programming script. And they tend to get paranoid if they see a different PC accessing the same account.
So, I needed to create an account at another one of the largest mutual and stock trading companies in the world. More to the point, they have a lot of my money. Everything went great until I fed it the new password that I had made up. One guaranteed to resist the cracking attempts of the new quantum computers that the hackers will soon have.
A problem. Error! No special characters are allowed! WTH? That is a security 101 item.
Ok, I'll brute force it by making a really long one.
Error! Sorry, passwords have to be twelve characters or less. That floored me. That is a security kindergarden no-no.
So, we have a company who does most of their business with customers via the Internet, holding a trillion dollars of customer's money (not all of that is mine) and requires their users create a password that would stand up against a single PC with a rainbow table for how long? 1 second? 5 seconds? 8 milliseconds?
An email to the company asking how long it had been since their chief security officer had gotten his GED has gone unanswered.
But my money is leaving them as fast as practicable.