PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Key Quotes from BREACHED!

Breached - Solove and Hartzog 11

Professor Woodrow Hartzog and I selected some key quotes from our new book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022). Website for Breached!  Breached! Amazon Page Download Chapter 1 for free The Law’s Obsessive and Unproductive Focus on Data Breaches “Too much of the current law of data security […]

Cartoon: Dark Web

Cartoon Dark Web - TeachPrivacy Security Training 03 medium

I hope you enjoy my latest cartoon about passwords on the Dark Web.  These days, it seems, login credentials and other personal data are routinely stocking the shelves of the Dark Web.  Last year, a hacker was peddling 117 million LinkedIn user email and passwords. And, late last year, researchers found a file with 1.4 billion passwords […]

Epilogue to the St. Louis Cardinals Baseball Hacking Case

St Louis Cardinals Hacking Baseball

A while ago, I wrote about a case involving a member of the St. Louis Cardinals baseball team staff who improperly accessed a database of the Houston Astros.   There is now an epilogue to report in the case.  The individual who engaged in the illegal access — a scouting director named Chris Correa — […]

The Funniest Password Recovery Questions and Why Even These Don’t Work

Passwords

  A recent article in Wired argues that it is time to kill password recovery questions. Password recovery questions are those questions that you set up in case you forget your password. Common questions are: In what city were you born? What is your mother’s maiden name? Where did you go to high school?

Passwords Cartoon – Security Awareness Training

Cartoon Passwords - TeachPrivacy Security Awareness Training 01

Here’s a cartoon I created to illustrate the importance of security awareness training.  I hope you find it amusing.

What Can We Learn From Bad Passwords?

By Daniel J. Solove The SplashData annual list of the 25 most widely used bad passwords recently was posted for passwords used in 2015.  The list is compiled annually by examining passwords leaked during a particular year.  Here is the list of passwords for 2015, and below it, I have some thoughts and reactions to […]

Start with Security: The FTC’s Data Security Guidance

Recently, the FTC issued a short guide to what organizations can do to protect data security.  It is called Start with Security  (HTML) — a PDF version is here.  This document provides a very clear and straightforward discussion of 10 good information security measures.  It uses examples from FTC cases.

Should the FTC Kill the Password? The Case for Better Authentication

Co-authored by Professor Woodrow Hartzog. Authentication presents one of the greatest security challenges organizations face. How do we accurately ensure that people seeking access to accounts or data are actually whom they say they are? People need to be able to access accounts and data conveniently, and access must often be provided remotely, without being […]

Mr. Robot: My Review of the New TV Series

by Daniel J. Solove I’ve really been enjoying the new TV series Mr. Robot on USA. Network.  It presents highly-engaging depictions of hacking and social engineering, and it is great entertainment for privacy and security  geeks. The protagonist is Elliot Alderson (played by Rami Malek), a tech who works at a cybersecurity firm in New York City.  […]

Troublesome Password Practices and the Need for Data Security Training

By Daniel J. Solove A recent study by TeleSign revealed that many people engage in some troublesome password practices. Some of the most alarming findings from the report include: — 73% of accounts use duplicate passwords. — Nearly half of consumers have a password they haven’t changed in 5+ years — “Consumers have an average […]