
Bruce Schneier Freakonomics Q & A

By Erhan K.

Last week, Stephen Dubner (co-author of Freakonomics) invited Bruce Schneier, on his New York Times blog, to answer security questions left by the blog's readers. As you might expect, many came from an economic perspective. Earlier this week, remarkably, he answered nearly all of the 36 questions left in the comments section, most of them in detail. His answers, which range from why crime (usually) doesn't pay to what the technological world will look like in 50 years, are here.

One important point he makes comes up where he discusses memorizing passwords. In effect, he says the best way to store passwords is to write them down on a "bit of paper", since we already know how to secure that: keep it in your wallet. This makes a lot of sense once you realize that nearly every site, from your bank to your webmail provider to your favorite blog, requires you to create a username/password pair. In a recent poll, one quarter of the people asked said they use the same password for every website. If the poll suffered from response bias (who wants to admit to using one password?), the real number is likely much larger. Password security is a broad problem: it covers how a site stores passwords (database integrity), how they travel over the network (communications security), and how many distinct secrets a person can realistically manage (HCI). So it is worth being reminded that sometimes a low-tech solution, writing complicated, distinct passwords on a piece of paper, can do wonders.
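The two halves of that argument, why reuse is dangerous and what the "bit of paper" should actually contain, are easy to make concrete. The following Python is an added example written for this post, not code from the original article or from Schneier; the account list in it is constructed, and the site names and function names are illustrative. It shows that a breach of one site's password database exposes every other site where the same password was reused, and it generates an independent, high-entropy password per site, which is the list you would write down rather than memorize.

```python
"""Added example (not from the original post): the cost of password reuse,
and generating one distinct, high-entropy password per site to write down.
All account data below is constructed for illustration."""
import math
import secrets
import string
from collections import defaultdict

# Constructed sample: one user, four sites, the same password reused on
# three of them (the pattern the poll in the post describes).
ACCOUNTS = [
    ("bank.example", "Summer2008!"),
    ("mail.example", "Summer2008!"),
    ("blog.example", "Summer2008!"),
    ("shop.example", "d4k-Lpq-9vX-22m"),
]


def find_reused(accounts):
    """Group sites by password and return only the groups that share one.

    Returns {password: sorted list of sites} for every password used on
    more than one site.
    """
    by_password = defaultdict(list)
    for site, password in accounts:
        by_password[password].append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items()
            if len(sites) > 1}


def exposure_on_breach(accounts, breached_site):
    """Sites that fall with `breached_site`.

    If the breached site leaks its password database (plaintext, or a
    hash weak enough to crack), every other site where the user reused
    that password is compromised as well.  Returns those sites, sorted.
    """
    leaked = {pw for site, pw in accounts if site == breached_site}
    return sorted(site for site, pw in accounts
                  if site != breached_site and pw in leaked)


# 52 letters + 10 digits + 32 punctuation characters = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=16, alphabet=ALPHABET):
    """Uniformly random password drawn from a CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size).

    A 16-character password over 94 symbols is about 105 bits, far beyond
    what anyone memorizes for dozens of sites, hence the piece of paper.
    """
    return length * math.log2(alphabet_size)


def paper_list(sites, length=16):
    """One independent password per site: the list you would write down."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    print("reused:", find_reused(ACCOUNTS))
    print("breach of blog.example also exposes:",
          exposure_on_breach(ACCOUNTS, "blog.example"))
    print("bits per generated password:", round(entropy_bits(16, len(ALPHABET)), 1))
    for site, pw in paper_list([s for s, _ in ACCOUNTS]).items():
        print(f"{site:14} {pw}")
```

Run it as a script to see the reuse groups, the blast radius of a single breach, and a fresh per-site list; `secrets` is used deliberately, since `random` is not suitable for generating credentials.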


About Dan Cornell


A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
