Security in the real world

One key focus of this blog will be security in the real world. How to implement security in a realistic and effective manner. One of the major problems with security today is the inappropriate knee-jerk reaction to security vulnerabilities. We find that security responses often:

  • respond to the wrong threat
  • respond in a way that is ineffective
  • respond in a way that feels good, without providing a valid return on your security investment

We intend to address how to overcome the knee-jerk reaction and engineer security that actually works.


Real Post

The process of creating this blog has been far easier than anticipated. Since this is working so well, we will begin posting information of importance.

This blog will be devoted to information security and security engineering and will present commentary on:

  • the state of the art in information security
  • how to engineer security
  • how to improve the state of security for the common good
I hope that you enjoy this blog and I trust that the information here will improve your security.




Passwords, Part 3 - Examples

For more info about passwords and the basis of the following example, see Passwords, Part 1 and Passwords, Part 2.

William Tell, web-surfer extraordinaire, has 20 accounts that he uses.

Work account: William might use the following password, which he changes every 30 to 60 days: m@rNc$act0

Financial/Banking/Home Computer Accounts: William likely has the following web accounts with these passwords, which he changes every 30 to 90 days

  • Bank: Mortgage - t*1rFlt>
  • Bank: Checking - eCs$h@oF
  • Bank: Credit Card - r2aiNa&o
  • Home Computer - iAt+d{mp
  • Amazon - bPa2fFa=
High Use/Low financial risk: William may use the same password or a very similar password for all of these types of websites and may only change it twice a year.
  • New York Times website - t^pl*iUh
  • Slashdot forums website - t^pl*1Uh
  • Firefox forums website - t^pl*iUh
  • InfoSec website - t^pl*1Uh
Low use/No financial risk: In this case William would likely use the exact same very simple password over and over and would likely never come back to change it.
  • One time only website - cl2938vl
  • I was really bored and not sure why I signed onto this website - cl2938vl
  • I needed a piece of info, but don't plan on going back website- cl2938vl
  • etc - cl2938vl
Hoping this helps you avoid password pain.


Contact Me

oKAMi Information Security can be contacted at:

chalmer.lowe at gmail.com
I look forward to hearing from you.