The Business of Cybersecurity

Austin Berglas, Morgan Mayhem, and Jim Stickley discuss the money behind cybersecurity—how safe is your smartphone, and how much money are we spending to keep you, and the world, safe from computer crime.

Disclaimer

The material provided on this website is for informational use only and is not intended for financial or investment advice. Bank of America and/or its affiliates, and Khan Academy, assume no liability for any loss or damage resulting from one’s reliance on the material provided. Please also note that such material is not updated regularly and that some of the information may not therefore be current. Consult with your own financial professional when making decisions regarding your financial or investment options.

Transcript

What is a brute force crack?

Basically it’s running a program that will run all the digits of your password through, like a dictionary, until it comes to the actual solution.

So is this a simple password or a complex password, this one here?

- It’s very simple.
- It is.

Really? So can you give me an example of a complex password? Is that when they ask you to use an asterisk and an upper case and lower case?

Sure. Prevailing wisdom these days is that you should actually start thinking in terms of passphrases rather than passwords.

Okay.

And so, for instance, the passphrase, like, horsecupshoeshininglight, for instance, a bunch of seriously unrelated words that comprise, you know, maybe four or five of them, there’s actually a password program called Diceware that will actually help you choose these things. And so, I mean, you can provide yourself with the ability to memorize a passphrase relatively easily and it’s far more difficult than seven alphanumeric characters.

Jim, what about security questions? Can they help as well? Because I’ve heard it’s a good idea to, say the security question is “What was your mother’s maiden name?” to set the answer to that to be the answer to a completely different question like your date of birth.

For sure, you know, especially your mother’s maiden name, you can go to a genealogy site and find those out pretty quick on people. But there’s another thing you can do that’ll allow you to go to any site, have it always be unique and still be kind of easy to remember. Come up with your set password, have it be eight characters, crazy, upper case, lower case, whatever it is, and then look at the domain name from where you’re at and come up with your algorithm of what you’re going to use. So let’s say it’s Amazon. I’m going to use the first letter and the last letter of that domain name, and from that point on, every site I go to, I’ll always add the first and last letter of the domain in at the end of my password. So now, every site I go to, my password will always be unique, and yet for me, it’ll be easy for me to remember it because all I have to do is look at the domain name and I know whatever it is right off of that.

What if someone went through my phone, right? That is actually a far, far more invasive level of information than you could actually find going through my bedroom now.

What if you were a pediatrician and you were taking photos of children and had child pornography on your phone?

What if I was? That would be bad.

Right.

I mean, I’m sorry, is this the “Think of the children” argument?

But I have no interest in looking at your phone if I don’t think you’re doing anything criminal?

Right, but so, I mean, does that mean that you should gather data about my online activities just to reassure yourself that I’m not a pedophile? I mean, there’s a friction there between transparency required to have public trust in your actions and then, you know, obviously keeping espionage a secret.

Right, and I think that’s the crux of the issue, it’s, we can’t release everything that you’re doing unless it’s not going to work, right? You can’t surveil somebody for six weeks if you’re telling them that you’re surveilling them.