If you’re like me, every time some Web site’s security protocol forces you to use numbers in your password, you fantasize about reaching through the screen and throttling the site administrator.
Well, we apparently have the right idea (not about the throttling). According to the Boston Globe, a new study — the first of its kind — demonstrates what a lot of us have known intuitively: Most of the Common Sense About Internet Security is wrong. The chance of a hacker stealing your Amazon password is not much reduced by changing it every month, as some IT professionals recommend.
In fact, online security in general could use a healthy cost/benefit analysis.
It’s not that Herley believes we should give up on protecting our computers from being hijacked or corrupted simply because safety measures consume time. The problem, he said, is that users are being asked to take too many steps, and more are constantly being added as new threats emerge or evolve. Security professionals have generally assumed that users can’t have too much knowledge in the battle against cyber crime. But that fails to take into account a crucial part of the equation, according to Herley: the worth of users’ time.
“A lot of advice makes sense only if we think user time has no value,” he said.
Not all of the security advice is bad, of course. Herley says there are a few things you can do easily to significantly reduce your online risk:
Start with bullet-proof passwords, he said, even if your employer requires you to periodically reinvent them or use too many… Beyond that, he is big on one-time measures that offer ongoing benefits, like installing the latest software to shield against viruses and spyware (set it to automatically update). Two-thirds of computers have outdated software protection, according to a Microsoft spokesman. The company also recommends activating a firewall, which “functions like a moat around a castle.” Combined, such measures shouldn’t take more than 30 minutes…