×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Ask Slashdot: How To Securely Share Passwords?

michaelaiello LifeEnsured ftw (402 comments)

I run a company http://www.lifeensured.com/ that exist for the explicit purpose of preventing these kinds of issues when someone passes away. We've got several happy customers, are backed by an irrevocable trust and get a feed of people who have passed away from the social security administration (in addition to letting people select someone to verify that they have passed away)

We've also put together http://www.deceasedaccount.com/ where we reviewed all of the privacy policies for major sites and pulled out the processes they require if someone passes away. We also had a lawyer pull relevant laws which you can use to help get access to things from internet companies if you are having trouble.

For the security minded. When we take a password, it is encrypted with a 2048 bit public key. The private key is stored offline. We only decrepit passwords when we have verified one of our clients has passed away and the process involves a human who has undergone a background check.

more than 3 years ago
top

Are IT Security Professionals Less Happy?

michaelaiello Be a doctor, not a cop. (363 comments)

I work in IT security for a large financial firm. We've spent a good amount of time convincing the development community and the business that security is THEIR responsibility and have built processes to reinforce this (i.e. if folks want to do truly risky things, we can make them go get signoff from senior management). With check in place, I feel we take the approach of "doctors" for applications/architectures.

Dev team is building a new architecture to trade with an exchange? They ask us to review their architecture before they build (sort of like a checkup before going to climb a very dangerous Mt. Everest).

User accidentally e-mails confidential information to the wrong counterparty? We help them work with legal to get things cleared up, give training on appropriate data handling and add client controls to their outlook. (I.e. tell a kid not to run with scissors, take away the scissors and put band aids on the wounds)

In this light, I feel I'm proactively helping folks and treating those who have run intro trouble. Security folks are able to have a broad view of the solutions available to common problems (even outside of security) and teams get value out of this. I've even had folks say (and mean) thanks after meetings that involved them totally re-architecting their application. With the right approach, you can be more than a roadblock...

more than 6 years ago

Submissions

michaelaiello hasn't submitted any stories.

Journals

michaelaiello has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?