Planning for the worst
The New York Times quietly announced a positive new security measure yesterday. Its Lock & Key system will keep an eye on public dumps of stolen usernames and passwords, and if any match your New York Times login, they’ll let you know and make you change your password.
In other words, if you’re using the same password across multiple services (not advisable), this makes you that little bit safer.
It doesn’t sound like that much of a big deal on its own, but it made me think about how too much online security work is reactive, rather than preventative.
That’s the kind of flaw that shouldn’t make it past the earliest stages of development. How did no-one at Polar think about that potential problem? Software developers have lots of different priorities to juggle, but security should underpin them all. It’s in the best interests of users, and also the software publisher’s legal budget.
I’m generally an optimist, but when it comes to planning or developing anything involving the public, I always assume the worst outcome. It probably won’t happen, but at least you’ll be prepared if it does.