One of the main drawbacks to the borderless space that comprises the cloud is that of security. Recent breaches such as Heartbleed, Target and Home Depot demonstrate that crucial data – the passwords and PINs that keep the bad guys away from our money and information, need constant vigilance and upkeep, primarily in terms of keeping passwords complicated and unique.
For many, this becomes too much work, which is why the most common passwords, such as 123456 are still heavily used.
The importance of security has always been paramount, but is about to become a whole lot more critical as the Internet of Things opens the world of data up from simply PCs and phones to refrigerators, baby monitors, home automation systems and much more. With each of these items able to talk to each other across a common platform, any one simple misappropriated password attached to one device becomes the entryway that can infect an entire system, much like the hugely complex human body can be brought down by a single insect bite or infected needle.
The Open Web Application Security Project (OWASP) recently released a list of the top ten security weaknesses of the Internet of Things, which included Insecure Web Interface, Insufficient Authentication/Authorization, Lack of Transport Encryption, Insufficient Security Configurability, and Poor Physical Security.
One company that seeks to change this is Eyelock, a New York City-based company whose new product, Myris, promises to deliver secure access literally in the blink of an eye. It sells an inexpensive device that consists essentially of a mirror and a camera to read the unique pattern of a person’s iris, and can do so even if the individual is wearing glasses. Eyelock’s people state that the application can also distinguish between a real eye and a picture of an eye.
Iris and retina readers are the newest and most James Bond-like of security devices, but just below them on the glamour scale rests another concept, that of the online password keeper. Applications such as LastPass not only remember all the passwords that a user might have for his/her many applications and websites, but also generates highly complex ones consisting of numbers, letters and symbols. The idea behind LastPass is that the only password needed from this point on is the one that opens up the LastPass application itself.
Such sophisticated approaches to defending data are only as strong as the weakest link, which, as always, is the human user. From the overly simple (123456, qwerty and the actual word “password” topped the Huffington Post’s annual ranking of bad passwords for 2013), through to sloppy human usage – leaving a browser open, leaving passwords written down, or forgetting to log off – human actions will always be the ones that will leave a computer – and every single device that the computer can talk to – open and exposed.
Literacy, in the age of the Internet of Things is about information management, and this includes protection of that information.
By Steve Prentice