by Ron Daly
I came across this story the other day from Usability Post which asks "Is it time to make 'Remember Me' the default for password protected websites?" This question comes as the result of a few articles about password memory, one of which asks if it's time to do away with the option of "Remember Me" and go with automatic login. Another article by web-genius Jakob Nielsen suggests we get rid of the "dots" in the password field (i.e., "Password: ******"), because doing so would increase confidence in those who have trouble with passwords and save them the trouble of copy-pasting passwords.
What do I think? No. To all of the above, I say no. No, no, no.
Maybe I'm a little kooky about auto-login and password protection standards. I have to be; it's part of my business. DigitalMailer has lots of clients to manage, and those clients all fall under the heading of "information too important to compromise". So we don't use "auto-fill" here, we don't use "save password/remember me" fields, we don't have "oops, I forgot" lists for passwords - none of that. We don't do those things because we value our clients' safety. I don't know that it's such a great idea to do with your OWN information, either.
Continue reading "Should Online Acquaintance Be Forgot? We Think So." »
by Ron Daly
When you work in online services, issues of trust and reliability are on the forefront of any discussion you have about your product and how it will be perceived by users. E-mail marketing, for example, suffers from the perception that messages sent won't make it to the inbox. DigitalMailer's spent nine years getting white listed by the largest ISPs in the world, so we can answer most critics with a high rate of delivery and a set of standards and best practices that keep words like SPAM out of our vocabulary.
eBay, Amazon, Netflix - they all had to take into account that they'd be doing business behind a curtain. When you buy from someone online, whether they're the vendor or they're acting as a middle-man, they need to establish privacy regulations and a level of dependability in their services.
What if the system worked both ways?
Continue reading "Can I See Your ID?" »
by Jimmy Marks
I've written articles about password troubles before, but when it comes to any security smarter than that, I defer to those of greater experience.
Ron, for instance, looks at the break-in from the POV of a former credit union CFO. He wrote a good article yesterday for CU Soapbox (click here). An excerpt:
...I've had small breaks (80 member accounts affected) and fairly big breaks (400 member accounts affected). There's the estimated ~$15 you spend reissuing cards and closing accounts. And then there's the ~$10 you spend on credit monitoring for the accounts. That's ~$25 per account, so at worst it's about $10,000 that I've had to account for after a breach. And that's why, recently, there's a thought that's been troubling me.
The thought that the breach of Heartland Payment Systems has the potential to affect up to 100 million accounts. Click here for the CU Journal article.
100 million! One. Hundred. Million. I'm hoping the math makes sense for you here, because 100 million times $25 equals $2.5 BILLION. In losses and monitoring and trouble and waste.
It's a troubling aspect, that you'd be costing millions, if not billions, in damages.
Rob had some issues with the break-in, too. Being the CIO/Security Specialist at DigitalMailer, he knows a thing or two (or two million, really) about security standards.
Continue reading "The Heartland Hack and You" »