Comments

Ask Slashdot: How To Securely Share Passwords?

michaelaiello LifeEnsured ftw (402 comments)

I run a company http://www.lifeensured.com/ that exists for the explicit purpose of preventing these kinds of issues when someone passes away. We've got several happy customers, are backed by an irrevocable trust and get a feed of people who have passed away from the Social Security Administration (in addition to letting people select someone to verify that they have passed away).

We've also put together http://www.deceasedaccount.com/ where we reviewed all of the privacy policies for major sites and pulled out the processes they require if someone passes away. We also had a lawyer pull relevant laws which you can use to help get access to things from internet companies if you are having trouble.

For the security minded: when we take a password, it is encrypted with a 2048-bit public key. The private key is stored offline. We only decrypt passwords when we have verified one of our clients has passed away and the process involves a human who has undergone a background check.

more than 2 years ago
Are IT Security Professionals Less Happy?

michaelaiello Be a doctor, not a cop. (363 comments)

I work in IT security for a large financial firm. We've spent a good amount of time convincing the development community and the business that security is THEIR responsibility and have built processes to reinforce this (i.e. if folks want to do truly risky things, we can make them go get signoff from senior management). With this check in place, I feel we take the approach of "doctors" for applications/architectures.

Dev team is building a new architecture to trade with an exchange? They ask us to review their architecture before they build (sort of like a checkup before going to climb a very dangerous Mt. Everest).

User accidentally e-mails confidential information to the wrong counterparty? We help them work with legal to get things cleared up, give training on appropriate data handling and add client controls to their Outlook. (I.e. tell a kid not to run with scissors, take away the scissors and put band aids on the wounds.)

In this light, I feel I'm proactively helping folks and treating those who have run into trouble. Security folks are able to have a broad view of the solutions available to common problems (even outside of security) and teams get value out of this. I've even had folks say (and mean) thanks after meetings that involved them totally re-architecting their application. With the right approach, you can be more than a roadblock...

about 6 years ago
