IF the people in charge are asking for it, find and suggest a solution that can do it safely.

I'm with you so far.

If they are not willing to pay for your solution, find another, albeit less safe solution and present it with a list of assumed risks. Rinse and repeat until you have a solution they are willing to pay for with risks they are accepting, then do that.

In my experience, any "solution" that you present will be understood to do everything that they wanted.

Even if you say that they cannot have X at $Y. They will give you $Y and then demand X.

When you cannot do so, a contractor will be brought in to set up a flawed implementation that will reduce your security BUT will provide X at a price point that you said could not be done.

Which is why we see this story pop up over and over and over again.

The first thought I had was that I hope they don't do it because it'll only be used to invade our privacy.

LK

We are primarily a government contractor, and our main contract had a Siebel-based client management system (only a government would have the combination of money and stupidity to invest in an ancient technology like that, but oh well), and up until late last year, we had to run IE in the lowest security mode and IE7 compatibility mode just to make the ActiveX components function. The new version is by and large HTML5 compatible, and though they recommend Firefox, we've had only a few bumps running Chrome. I doubt more than a handful of our staff even use IE now.

Yes, well, we often hurt the ones we love.

About the only place I still see IE is on some web-based applications from the late 90s thru the mid-00s that were built using IE 5 and 6's very insecure ActiveX architecture. Up until last year, we were forced to use such software on one of our government contracts, and it literally meant viewing the site in Compatibility Mode with security settings cranked down to nothing. They finally updated the underlying Siebel engine to the HTML5 version, and after that everyone just seemed to go to Chrome. I suppose at that point where we start rolling out Win10 desktops, Edge might end up being used, but I have a feeling that MS has missed the bus here, and Chrome is king.

I think Firefox dealt it the mortal blow, and then Chrome finished the job.

Perhaps that is because it was written by SS-Oberscharführer Lennart Poettering.

So you regularly float at an altitude of 20 to 100 feet, do you?

I'd say if it's over my property at a low altitude, yes, I should have the right to shoot the thing out of the sky, and further, if I can determine who was flying it, I should have the right to sue them.

Drone operators are getting an incredible sense of entitlement out of playing with their toys. I think it's time for some serious and substantial financial penalties.

Keep your fucking toy way from my fucking property.

Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.

Yep. Even easier if the information ("correct" answers) are available via Google.

But also, since you're already using unique passwords ... and the crackers managed to get your password ... how did they do that and would that have also yielded your "security" answers.

Their thinking seems to be:

1. So, one username / password isn't enough.

2. A second password should be enough, but it will use the same username as in #1.

3. And that second password should be SUGGESTED to be based upon something that can be researched / socially engineered / tricked out of the person.

4. And entered using the same channel as #1.

Okay, if you cannot get two factor authentication then at least use a different email address for each bank AND ONLY FOR THAT BANK. Email addresses are free. And always use completely unique passwords. Not bankname1 and bankname2.

The same for the "security" questions. Always completely unique.

If you have to write them down, do so. Just keep the paper in a secure location. It's far less likely that someone will break into your house to look for passwords than it is that someone will crack your computer.

I was just being mischievous. I think the editors are... adequate.

Robin Miller: One thing that I think my wife and I are doing right: we don't have a bank anymore, we have a credit union, a local credit union and they do use secondary authorization on everything, you have to not just know the account number and the password, but you also need to know the answers to fairly obscure questions about our past, what year teacher was your favorite in what grade, things like that. Does that help?

NO!!! It does NOT!!!

1. It does not because that information can be collected at other sites controlled by crackers. So unless you enter incorrect information (which is, in effect just another password) then it is useless.

2. It is still on your computer. So if your computer is cracked then the crackers get your username / password / favourite-dog-food / whatever.

3. Find a bank / credit union that uses real two factor authentication.

Read carefully and you'll notice the government said he'd even have to accept the consequences of speaking out and engaging in constructive protest: they decree you can dissent against their rule, and that's well and good, as long as they can punish you for your dissent--which is precisely the situation in North Korea, where you may speak out against Kim Jong-Un, and, importantly, accept the consequences of speaking out against him.

Exactly.

If the end result of civil disobedience is the exact same in the USofA as in North Korea ... then what is the difference?

The politicians demanding martyrdom would be just as comfortable working for North Korea's government as they are working for the USofA's government.

And THAT is a very big problem.

Gamergate was ignored because gamergate is not news.

My problem with it is that even if the initial event happened EXACTLY AS CLAIMED then it is still nothing.

The "story" became the reactions to that nothing event.

And then the reactions to those reactions to that nothing event.

And now we have a post mod'ed +5 Insightful for claiming that Gamergate wasn't covered.

No kidding. They need to be dropped on to the street from a very high altitude.