Cybersecurity Torments
May. 26th, 2025 04:06 pm
I've had a general disagreement with "cybersecurity experts" for a while now, and it's lately been exacerbated by working for the state government. Because cybersecurity hinges on a knowledge of computers and programming that might as well be sorcery to those who don't specialize in it, I think they've been allowed to run unchecked by the basic thought processes of reasonableness that govern other functions.
Namely, these cybersecurity folks think up every possible conceivable way they could make it harder for an unauthorized person to log in to something, but they don't take into account any sort of cost/benefit analysis, either in terms of money or even security.
By which I mean, for example, a password that's a jumble of letters, numbers and symbols is maybe hard to guess, sure, but it's also impossible to remember, forcing people to either write these passwords on a physical paper on their desk (often taped to the monitor), or save them all to the computer, so that if someone does physically gain access to your desk it's all perfectly smooth sailing in from there. Comparatively, remembering one to three words is a cinch, and the odds of someone getting a program hooked up to your access and cycling through every word combination till they come up with it without setting off other alarms is infinitesimally small. The requirement to have at least one number and symbol in the password makes it impossible to do this without at least some hard-to-remember symbology being added.
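As an added illustration (my code, not anything from the post), the following Python puts numbers on the two kinds of secret compared above: a random jumble drawn from the full keyboard, versus a few words picked at random from a word list. It reports expected guessing time in two settings: offline cracking of a leaked password hash, and online guessing against a login that locks the account after a few failures. The character-set size, word-list size, cracking speed and lockout policy are constructed assumptions, not figures from the post or any real system.

```python
import math

# All parameters below are constructed assumptions for this illustration,
# not figures from the post or from any specific organisation's policy.
COMPLEX_CHARSET = 26 + 26 + 10 + 32   # upper, lower, digits, printable symbols
WORD_LIST_SIZE = 7776                 # Diceware-style word list (6^5 words)
OFFLINE_GUESSES_PER_SEC = 1e10        # a fast hash-cracking rig, hash already stolen
LOCKOUT_ATTEMPTS = 3                  # online: failures allowed ...
LOCKOUT_SECONDS = 15 * 60             # ... before a 15-minute lockout


def entropy_bits_random_chars(length, charset_size=COMPLEX_CHARSET):
    """Bits of entropy in a uniformly random string of `length` characters."""
    return length * math.log2(charset_size)


def entropy_bits_passphrase(word_count, dictionary_size=WORD_LIST_SIZE):
    """Bits of entropy in `word_count` words drawn uniformly from a word list.

    Only holds if the words are actually chosen at random; a favourite
    phrase or song lyric has far less entropy than this formula suggests.
    """
    return word_count * math.log2(dictionary_size)


def online_guess_rate(attempts=LOCKOUT_ATTEMPTS, lockout_seconds=LOCKOUT_SECONDS):
    """Sustained guesses per second an attacker gets against a lockout policy."""
    return attempts / lockout_seconds


def expected_seconds_to_guess(bits, guesses_per_second):
    """Expected time to hit a uniformly chosen secret: half the space on average."""
    return 2 ** (bits - 1) / guesses_per_second


def describe(seconds):
    """Human-readable duration for the comparison table."""
    if seconds < 60:
        return f"{seconds:.0f} s"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} h"
    return f"{seconds / (365 * 86400):.3g} years"


def compare_policies():
    """Expected attack time for each candidate secret, offline vs online."""
    candidates = {
        "8 random chars, full symbol set": entropy_bits_random_chars(8),
        "3 random dictionary words": entropy_bits_passphrase(3),
        "4 random dictionary words": entropy_bits_passphrase(4),
    }
    online = online_guess_rate()
    result = {}
    for name, bits in candidates.items():
        result[name] = {
            "bits": round(bits, 1),
            "offline": expected_seconds_to_guess(bits, OFFLINE_GUESSES_PER_SEC),
            "online": expected_seconds_to_guess(bits, online),
        }
    return result


if __name__ == "__main__":
    for name, r in compare_policies().items():
        print(f"{name:34} {r['bits']:5.1f} bits  "
              f"offline: {describe(r['offline']):>12}  "
              f"online: {describe(r['online']):>12}")
```

Under these assumptions the three-word passphrase falls in seconds to an offline attack on a stolen hash, while the same passphrase guessed online through a three-strikes lockout takes on the order of millions of years. The lockout, not the symbol requirement, is what governs the login-screen risk the post is talking about; the composition rule mainly matters once the hash has already leaked, and even then only if the words were picked at random rather than from memory.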
As I said, working for the government has made that more difficult. One has to log in to one's devices, and also the Microsoft network, with so many different logins and multi-factor authentications that most of my coworkers don't actually use their work phones. I use mine to make work-related calls, but it logged itself out of the Microsoft network and I can't be bothered to fight WW3 all over again to get it back on, so it's no Teams for me via phone.
Also, the PIN needs to be reset every three months. I don't know what the cybersecurity goons think is happening here: does some malicious actor physically gain access to my phone for 10 minutes a week and systematically try numbers, and we need to stay ahead of him? The only real result of this is that while I was able to use genuinely nearly-impossible-to-guess number combinations I could remember for the first two iterations, after that I obviously have had to resort to other numbers I could reel off from memory, which are inevitably going to be phone numbers or birthdays and much, much, much easier to guess than the basically impossible original numbers (and no, it won't let me repeat a number I had had before, god forbid).
I was traveling for work this past week and thought I'd take my work iPad to travel light. But after three incorrect login attempts it locks me out for a while, and when I finally got in it told me it was time for me to change the password again, in fact wouldn't let me do anything until I did so, but wanted me to enter the current passcode before setting a new one and... yep, I failed it three times again and got locked out. (So I went the week without using the iPad.)
Like, seriously, this is unreasonable.
I'm happy for added security to enter my bank account, but other than that, including for work, there's simply no risk that even remotely equals the added amount of frustration all these impossible-to-remember multi-factor authentication things are burdening me with.
Cycling back to the beginning of this, the cybersecurity wizards think up a way something can be "more secure," but they don't think about whether it addresses a realistic danger or do any cost-benefit analysis on user burden vs. security. They pitch it via PowerPoint to the suits, who live on cost-benefit analyses but don't math the user burden, just that it could save them "billions" (the cyber-druid no doubt pitches them the worst-case, the-whole-company-data-is-ransomwared case), and the trouble any individual user is caused by it doesn't add up as a cost to them, so they give the security warlock the go-ahead to torment all the staff with it. Staff end up taping passwords to monitors or using their wife's phone number as the PIN code, making it easier for someone genuinely bent on hacking the computer to actually do so, but the nocturnal, socially maladjusted cybersecurity witchdoctors don't concern themselves with that. Frankly, I think a majority of them got a certification in cybersecurity from the grand dragon of cybersecurity professionals and are far more concerned with lording their knowledge over the IT-muggles than actually critically thinking about the whole thing.