Is your head bleeding? Is your heart bleeding?
Here’s my thought (and, I say this with full disclosure that I am no IT expert and have limited knowledge of the hacking space beyond a personal interest in better understanding technology – peace and love… peace and love…), but the process of text-based passwords needs to be tossed out. It just has to happen. We’re all still trying to understand what the ramifications of this nefarious Heartbleed bug are, and what it all means. Right now, some of the most frequently and commonly used online tools and sites are asking all of their users to change their passwords because of this bug. Some of these places are uncertain as to whether or not they have been hit, so changing your password before these services update their own systems with a fix would be a big mistake. The best source to sort this all out, for my dollar, has been this Mashable page: The Heartbleed Hit List: The Passwords You Need to Change Right Now.
Why is this so important to talk about for marketers?
The brands that win are the brands that can be trusted. Problems like Heartbleed erode the public’s trust. This is problematic on many levels. On top of this, while we can simply acknowledge that technology has these types of bugs, viruses and hiccups that come from a myriad of directions, let’s admit it: human beings are lazy (I know that I am) and while it’s a massive pain to go back and change the passwords on all of these platforms, it’s getting increasingly more frustrating because you then need to remember them all, store them in a safe place, and re-enter them all across multiple devices (computers, laptops, smartphones and tablets). From there, if you’re using any of the tools that enable you to share content through social media channels (Buffer app and others come to mind), you need to re-input and re-authorize the apps in there as well. Uch.
It’s like a full time job to manage this stuff, isn’t it?
It gets worse. Last night, the Wall Street Journal reported that Heartbleed may have infiltrated some of the Cisco and Juniper Networks equipment as well. That’s not good. It means that hackers might be able to snag user names, passwords and other sensitive information as it moves across the corporate and home networks and routers on the Internet. So, you could change your passwords and then fall prey to hackers simply because your hardware (or a network along the way) has not cleaned up the bug yet. What a mess.
Blame the passwords.
These systems were built in such a way that invites problems and challenges. Technology is doing a ton of things these days that it was never intended to do. I don’t think anyone would argue that the Internet was not intended to do everything that it is doing today. Many would argue that even having a commercial Internet is – in and of itself – something that was never truly supposed to be. Part of fixing these issues from a consumer experience perspective means removing the friction. Making it easier for people to connect and share is paramount to the continued growth and development of these channels. This means that we need to fix this whole password issue.
Some thoughts on a better way to connect.
I read with interest The Globe And Mail article published yesterday, Fed up with passwords? These tech experts are seeking alternatives. From the article: "Quietly, a movement is taking shape within the technology industry to finally kill off the traditional password – driven not only by growing consumer outcry, but also the twin scandals of high-profile hacking incidents that exposed customer information at major corporations such as Target, as well as the Edward Snowden revelations about the extent of digital government surveillance. The flaws of traditional computer security once again came under the public spotlight this week, after security experts revealed the existence of a flaw called ‘Heartbleed.’ The bug, considered one of the most significant security weaknesses in recent history, Heartbleed affects the encryption used to protect some of the most sensitive data on the Internet, including passwords and personal information." The news item goes on to source several interesting technology companies that are working to replace text passwords with things like fingerprint readers, voice recognition engines and even heart rhythm monitors.
Organic solutions to technical challenges.
In short, we need to use the small things that make us individuals unique from one another as the way in which to secure the content, flow and information we connect with. Thinking that this problem can simply be brushed beneath the carpet is a massive mistake (as the world is finding out this week). We jokingly make our passwords simple for us to remember, but in doing so expose our most personal information in a very profound way. We seriously make our passwords complex, so that no one can hack into them, and we wind up forgetting them or being frustrated every time we have to input them. Thankfully, there are apps like 1Password and LastPass that manage the myriad of passwords and devices that we have, and they have not been affected by this bug (at this time), but who knows? One thing is for certain: perhaps Heartbleed brought the importance of passwords and consumer protection to the top of our minds… and that’s probably a good thing.
I’d love to know your thoughts on the trouble with passwords.
One of the scariest parts of this to me is that Tor relies on SSL.. though it uses a complicated implementation… if you’re say.. in Iran, and you don’t want the government to know you’re doing whatever… the bug could have leaked everything the government would need to know who you are.
I mean.. if Iran is doing the same thing the NSA is doing… recording everything.. they would have recorded what was leaked by the bug.. which would then allow them to decrypt 2 years worth of encrypted data that was reliant on stuff the bug let out…
I hear the NSA was aware, and was exploiting, this bug.
I’ve been making a study of security since shortly before the NSA revelations.. and..
My belief is that there’s a fundamental tension between security and user experience design.. and just the ease of making software work. In a very fundamental way security has been at the bottom of everybody’s priority list since the dawn of computing…
With the rising risks of cyber war / cyber terrorism / cyber crime / and your own government.. the way law makers don’t understand the technology… the way technology moves faster than law / rule sets… and all the civil liberty issues.. never mind big data and blah blah blah..
We just have a lot of things to wake up to and change I guess?