Page 254 in The Future of Software Quality Assurance
254 K. Yorkston
7 About Usernames
But passphrases are only half the battle. What about usernames? How many
people have a common username (usually an email address) across many different
websites? It’s interesting, in that often we are asked to input our email address for
access to a catalogue or whitepaper. Or “Join for free” to receive great discounts.
Or join with your Google or Facebook account. This can spread your information
far and wide. And, if one of those sites you fed your details into is attacked,
and your user credentials stolen, the impact could be much wider. Now, your
email could go into that list of addresses targeted for attackers to use in phishing
attacks. Some methods to avoid this include using a short-term mail service like
10minutemail.com10 for those sites that mail a link to the download you’re after, or
having multiple mail accounts (Gmail/Hotmail/etc.) to use for various site logins.
8 Conclusions
Am I being paranoid? My kids abound in their father’s alleged paranoia, extending
to my son’s custom-made tinfoil hats, or my wife asking why we need multiple
broadband accounts. But, as Philip K Dick11 once said, “Strange how paranoia can
link up with reality now and then . . .”.
Once an attack has been made, and data lost, there is the aftermath. The
embarrassment for those who fell for the attack, and the looks they now get
from colleagues around the office. Another danger present is a phenomenon called
“Monday’s Expert”. After an event, everyone sees the mistakes that were made
when pointed out. Think about that sports programme where each week the panel
look at the weekend’s games. Of course that player was offside/onside/committing
a foul/not committing a foul/over the line/short of the line. It’s blatant when we are
shown the multitude of slow motion high-definition camera views, complete with
added computer graphics. How did the referee miss that? We can, from a security
point-of-view, fall victim to “it could never happen to me”, as we roll our eyes and
say knowingly to colleagues beside the water cooler “How could they ever let that
happen?”
But, play the event back at regular speed. Would you make the right/same/a
different decision? We must appreciate that when faced with a decision, people always
have the option of choosing the right/wrong/sub-optimal/a different outcome. They
may not have enough information or knowledge of the background situation, and
yet are asked to make that decision RIGHT NOW. That is where training can help.
10 https://10minutemail.com/10MinuteMail/index.html
11 American science fiction writer, whose books were the basis for such films as Blade Runner,
Minority Report, Total Recall and The Man in the High Castle.
The Future of Software Quality Assurance
- Title: The Future of Software Quality Assurance
- Author: Stephan Goericke
- Publisher: Springer Nature Switzerland AG
- Location: Cham
- Date: 2020
- Language: English
- License: CC BY 4.0
- ISBN: 978-3-030-29509-7
- Dimensions: 15.5 x 24.1 cm
- Pages: 276
- Category: Computer Science