By Dr. Nick van Terheyden aka Dr. Nick
Twitter: @drnic1
Host of Dr. Nick: The Incrementalist – #TheIncrementalist
Now on demand, in the lead up to the BlackHat and DefCon conferences, I am talking to one of the leaders in the security space and the innovator who created and runs the outstanding security resource HaveIBeenPwned (HIBP), Troy Hunt (@TroyHunt). He is the author of multiple top-rated courses on web security on Pluralsight and a highly sought-after speaker.
Episode NOW on Demand
The Ethics of a Data Breach Service
We talk about the journey to this point in his security career and how it all started in a hotel in the Philippines, where he built the solution in response to frustration with the security challenges he was facing. He has thought long and hard about the ethics of building a data breach service that could be used for nefarious purposes. In fact, like most things, you can find Troy’s thinking in detail and publicly available in one of his many insightful posts – in this instance “The Ethics of Running a Data Breach Search Service”. On balance, the good it does, and the incremental approach to security that lives in a simple, easily accessible database and UI, is hard to beat.
Returning an immediate answer to someone who literally asks the question “have I been pwned?” is enormously powerful. The immediacy of the response addresses a question that’s clearly important to them at that very moment and from a user experience perspective, you simply cannot beat it.
But there are complicating issues, and Troy has worked, and continues to work, to reduce the risks associated with this database; he spends a lot of time and energy validating the breach data he receives.
Passwords are Here to Stay
Listen in to find out his top piece of advice on how you should be protecting your data and services in the age of an ever-expanding number of passwords. He, like other security experts (NIST, Bruce Schneier etc.), is clear that password changes should not be mandated unless there is a reason to believe the password has been compromised (and minimum password length recommendations appear unscientific and wildly inconsistent), and that if you must enforce complexity rules you must also provide a way for the human brain to manage them (hint – this is not something our brains and memory are good at).
Make sure to hear his suggestions for businesses on how they should help their employees approach security and keep everyone well prepared, and the additional security requirement that should be included in every system being secured.
About the Show
For years Dr. Nick van Terheyden aka Dr. Nick has served as a voice on the impact of new technologies on healthcare, earning a reputation as a leading authority on where the future of medicine is going. Combining powers of observation and real-world experience, Dr. Nick has seen many predictions come true and makes the case that innovations in healthcare can be accomplished incrementally, not just by moonshot events. Tune in to hear Dr. Nick: The Incrementalist and his guests discuss what the future of healthcare looks like, how we will get there, and what it will take to improve healthcare for all.
This article was originally published on the Dr. Nick – The Incrementalist blog and is republished here with permission.