The New York Times, January 6th, 2018 featured an article by UNC Associate Professor Zeynep Tufekci alerting readers about recently revealed computer chip flaws. In short, the “pre-fetch function,” crafted back in the day when machines were seeking every bit of speed possible, creates serious vulnerabilities for Mac and Windows computers now. The news isn’t intended to cause panic – although it probably will boost hardware sales since newer machines will soon be available with a built-in “fix”. Actual chips are required since the solution is not as simple as a software update.

The last time the public became aware of a major chip failure was the esoteric Intel math error that plagued 386 and 486 era computers. Given it was a “floating point precision” problem, very few general users rushed out to purchase new Pentiums.

The suggestion in the piece is manufacturers should be held responsible for the “pre-fetch” security susceptibility. Quoting Professor Tufekci: “As things stand, we suffer through hack after hack, security failure after security failure. If commercial airplanes fell out of the sky regularly, we wouldn’t just shrug. We would invest in understanding flight dynamics, hold companies accountable that did not use established safety procedures, and dissect and learn from new incidents that caught us by surprise.”

How ironic that a similar insight doesn’t extend to web sites allowing ridiculously weak authentication. While awareness has slowly improved, way too many permitted credentials are created with common words. Hacker dictionaries detect patterns (words) in world languages with ease. Just as quickly as a spell checker flags a specific sequence of letters, “joesentme” is recognized. Even adding numbers is not sufficient. To be truly challenging, the use of symbols is crucial. And yet, how many websites reject symbols or only accept a limited subset instead of supporting the full N.I.S.T. set? If the character appears on the keyboard, it should be approved as part of a password. The argument that such complex combinations are inconvenient is criminal given the number of breaches daily. And “inconvenient” is a non-issue when remembering the code is unnecessary.

FaceGuard assures you can “Forget Passwords… Recognize Familiar Faces!” No business or user need settle for feeble protection. And that translates to websites encouraging – or even requiring – fully N.I.S.T. compliant, complex combinations of upper and lowercase letters, as well as numbers, plus the full set of authorized symbols. The key is to end the vulnerability – just like fixing the chip; but the FaceGuard solution is even easier and costs nothing. No retooling required; the challenge of finding a family member or friend in a crowd is fun, fast, unforgettable and free.

It’s unlikely your digital device will actually melt down. The possibility you will forget a password without FaceGuard? No pre-fetch function or floating point precision required to figure that answer out – most honest people admit it’s about 100%.
