Jay Heiser

A member of the Gartner Blog Network

Entries Tagged as 'authentication'


All Your Phone Books Are Belong To Us

by Jay Heiser  |  October 6, 2014  |  Comments Off

We do not need to protect more data; we need to protect less.


Category: risk management security

May the Farce Be With You: pretend-complex passwords

by Jay Heiser  |  August 8, 2012  |  Comments Off

I was recently forced to change my password on a UK pension system, and my first 4 password offerings were unacceptable. I was baffled as to what part of the password didn’t meet the requirements. Today, I needed to log in and review a pay stub, had to reset my password, and the exact same thing […]


Category: Cloud security

Passwords are dead; long live the password

by Jay Heiser  |  August 1, 2012  |  1 Comment

I spent a frustrating 5 minutes this weekend enduring a forced password change on a retirement account containing $400. I was sure that the randomly generated and completely unmemorizable string my password utility came up with exceeded 7 characters, contained upper and lower case letters, at least 1 number, and a special character. It finally […]


Category: security

Are your executives ‘privileged users’?

by Jay Heiser  |  February 14, 2012  |  Comments Off

While I would hope that the CEO of a major technology firm (albeit a somewhat diminished firm in this case) does not have a copy of the root password, the idea of ‘executive privilege’ maybe needs to be rethought.


Category: security

Oops there goes another credit card down.

by Jay Heiser  |  September 27, 2011  |  Comments Off

It's been just shy of a year and a half since one of my financial service firms has cancelled one of my credit cards, so I was probably past due. I was able to tank up at the start of a multi-state trip this weekend, but by the time I was ready for a refill, […]


Category: security

Time for a rant about passwords

by Jay Heiser  |  May 13, 2011  |  Comments Off

How much mental anguish is the result of ignorant accounting grads working for Big 4s, struggling to find SOX-relevancy, totally oblivious to the huge amount of HCI research that has been done on the topics of passwords, so ignorant to the history of computer security that they don’t recognize they are demanding the use of pre-network, pre-malware controls that were developed by mathematicians who were completely ignoring human factors?


Category: risk management security