Security is About Passwords and Credit Cards

Security is About Passwords and Credit Cards. That's what a very nice lady told me a few months ago. At first I shrugged it off. Of course security is so much more than that. As I started to process it, though, I realized that is exactly what it is about to end-users. They don't care about the LMCompatibilityLevel, renaming admin accounts, UAC, SafeDllSearchMode, restricted tokens, or IDM. All they care about is keeping their credit cards safe, and the way they do that is by using a password. In the end, I started writing an article on it. When I was done, it was a three-installment piece. The first one just hit the web in the July issue of TechNet Magazine. Let me know what you think.

Published Fri, Jun 20 2008 2:27 PM by jesper

Comments

# Stefaan Pouseele said on 21 June, 2008 12:58 PM

I just love it...

What I have learned in more than 30 years in ICT is that the interface User - ICT is the most important thing. KISS (keep it simple and stupid) is the keyword.

Kindly,

Stefaan

# Geo. said on 23 June, 2008 03:46 AM

I use different passwords for those very few sites that, in my opinion, require that level of security. That is probably about 10-15% of the total of all sites that ask for login details.

I use the same login details for all the rest, which brings me to the point; I perceive that a major part of the problem is the plethora of sites that require login details for non-security related reasons. For example, many on-line stores require login details before they even let one view their products. Time enough for that if I decide to buy. I liken it to having to swipe a card to enter a streetfront store. There are numerous websites that require a password, etc. for no apparent reason. Suffice it to say that I have reached the stage where, when I encounter such sites these days, I just go away again.

# Dmitry said on 28 June, 2008 10:38 AM

Jesper is back. Thank you for this article. It reminds me of your best presentations I listened to at TechEd(s).

Yes, end-user needs are the key. Any security solution should be validated by this principle.

2Geo - these sites try to build their user base. This is normal (but sometimes it can be annoying - one recent example is experts-exchange).