TED Talks: Security

Lucy Hattersley

Friday 6 February 2015

Security sits at the heart of our online existence, protecting our privacy, our identity and sometimes our lives. These thought-provoking, inspirational and downright terrifying TED Talks show why security remains a key concern.

1) What’s wrong with your pa$$word?

Who: Lorrie Faith Cranor, Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University

The use of passwords for authorisation is an ancient and, it seems, enduring practice. The password sits at the heart of security in the digital age, allowing (or blocking) individuals’ access to data and services.

“Unfortunately, we do not have much data on the passwords users choose,” says Cranor. The National Institute of Standards and Technology (NIST), in the U.S., wants to obtain more data on the passwords users actually choose, but system administrators are understandably reluctant to reveal password data to others.

Cranor is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering master’s programme. Where others saw this as a problem, her research team looked at it as an opportunity. They have made it their mission to obtain good password data.

In her intriguing TED talk, Cranor explains how they went about gathering data on thousands of passwords, and why people choose the passwords they do. She sets about revealing the ‘black hat’ approaches to cracking passwords, and what really goes into creating a strong password. This TED talk should be required viewing for anybody who manages organisational security.

Few areas of computing have as many urban myths as password strength, and the answers revealed at Carnegie Mellon University are surprising, enlightening and tremendously useful. “I know a lot of these TED Talks are inspirational,” says Cranor, “and they make you think about nice, happy things, but when you’re creating your password, try to think about something else.” Watch this video to the end.

 

2) The security mirage

Who: Bruce Schneier, security technologist and author of Applied Cryptography

What is security? This question, posed by security guru Bruce Schneier in his philosophical TED Talk, isn’t as straightforward as you think.

“The feeling of security and the reality of security don’t always match,” says Schneier. “Security is two different things: it’s a feeling, and it’s a reality. And they’re different. You could feel secure even if you’re not. And you can be secure even if you don’t feel it. Really, we have two separate concepts mapped onto the same word.”

Schneier provides some fascinating insights here for anybody who works with technology. He breaks down our relationship with security into this juxtaposition between our feelings and reality, while also making some very telling remarks about the appreciation of risk. However, he then breaks things down even further by adding a third element: our feelings vs our model of reality… vs reality itself. “‘Feeling’ and ‘model’ are in our head; reality is the outside world,” he explains. “Feeling is based on our intuition. Model is based on reason.”

There’s some pretty heady stuff in Schneier’s TED Talk, but it’s interesting to think about security from an emotional perspective (to which your customers will all surely relate). “If the market drives security,” he continues, “and if people make trade-offs based on the feeling of security, then the smart thing for companies to do – for the economic incentive – is to make people feel secure.”

Security tends to be approached by experts from a purely rational perspective, so it’s a real eye-opener to hear it expertly discussed from the emotional standpoint of end-users.

 

3) All your devices can be hacked

Who: Avi Rubin, professor of computer science and director of the Health and Medical Security Lab at Johns Hopkins University

When we think of computer security, we tend to focus on networks, servers and devices (computers and smartphones). But the world of devices is changing, and rapidly expanding. Networking technology is being embedded in everything from coffee machines to cars, and, at the dawn of the Internet of Things, we can expect networked technology in every device around us.

How secure are these devices? Not enough. Not even close to enough. This TED Talk by Avi Rubin covers the latest research into cyber-attacks from the academic research community. “They’re very interesting and scary,” says Rubin, with a considerable degree of understatement. What follows is a greatest hits of – frankly – terrifying hacks into heart pacemakers worn by patients, car braking systems while driving, and the communications equipment being used by emergency services.

“What does this all mean?” Rubin asks a stunned audience. “Well, I think that society tends to adopt technology really quickly. I love the next coolest gadget. But it’s very important – and these researchers are showing – that the developers of these things need to take security into account from the very beginning.”