//
you're reading...
Uncategorized

Security through ignorance


After posting the blog “Mint.com asks the unthinkable – my bank account password“, I got a number of replies trying to justify why Mint’s asking for the username and the password of every bank account is not a big problem.

The justifications go along these lines:

  • They have top notch, bank-level, biggest-and-baddest security and protection
  • They are so big, have so many resources, and have so much to lose, that they’ll fight to the death to prevent a successful hack
  • They have a similar risk profile and implementations as other trusted solutions
  • The risk of the data being stolen from Mint is so low to be virtually zero

While all of the above may be true, there is still a non-zero chance that data breach may occur and those usernames and passwords may end up in the wrong hands.

If, on the other hand, Mint did not ask for and did not store the passwords, there would be exactly zero chance that a breach of Mint’s security would compromise the passwords.

No secrets sign

You simply cannot divulge a secret you don’t know

So, when you create a system, design it in a way that it does not need to know or store secrets.

Only then would you be able to guarantee 100% security, instead of having to explain and caveat the system’ s security strengths through statements (like this one) talking about “bank-level”, “guards”, and “mantraps”.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: