
Discover the Alarming Patterns of Common PIN Codes in a Striking Graph

The power of a graph is amazing, even more so in cybersecurity. You might already have seen this one, but it is still captivating: a visual representation of the frequency of 4-digit PIN codes.

It shows that 1234 and 4321 are still very frequent, as are pairs of the same two digits (like 0101 or 5566). Birth dates are still common too, of course.

Interesting fact: the 20 most frequent PIN codes (0.2% of the possibilities) account for 27% of all codes in use. So, if you use 1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 6969, 3333 or 6666, you are making your PIN code quite easy to guess.
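As an added example (not part of the original post or the linked analysis), here is a small Python checker that flags the weak patterns described above and measures how much of a PIN sample its most common codes cover. The blocklist contains only the codes quoted in the post, so it is not a complete top-20, and the sample data is constructed.

```python
from collections import Counter

# Constructed blocklist: only the frequent codes quoted in the post (not a full top-20).
COMMON_PINS = {"1234", "4321", "0000", "7777", "2000", "2222", "9999", "5555",
               "1122", "8888", "2001", "1111", "1212", "6969", "3333", "6666"}


def is_sequence(pin):
    """Ascending or descending run such as 1234 or 4321."""
    digits = [int(c) for c in pin]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    return steps == {1} or steps == {-1}


def is_repeated_pair(pin):
    """ABAB (0101), AABB (5566) or AAAA (0000) patterns."""
    return pin[:2] == pin[2:] or (pin[0] == pin[1] and pin[2] == pin[3])


def looks_like_date(pin):
    """Plausible birth year (1900-2029) or an MMDD / DDMM day-and-month pair."""
    if 1900 <= int(pin) <= 2029:
        return True
    a, b = int(pin[:2]), int(pin[2:])
    return (1 <= a <= 12 and 1 <= b <= 31) or (1 <= a <= 31 and 1 <= b <= 12)


def weak_pin_reasons(pin):
    """Return the list of reasons a 4-digit PIN is weak; empty means no pattern found."""
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("PIN must be exactly four digits")
    reasons = []
    if pin in COMMON_PINS:
        reasons.append("common")
    if is_sequence(pin):
        reasons.append("sequence")
    if is_repeated_pair(pin):
        reasons.append("repeated pair")
    if looks_like_date(pin):
        reasons.append("date-like")
    return reasons


def top_n_coverage(pins, n):
    """Fraction of all PINs in the sample accounted for by the n most frequent codes."""
    counts = Counter(pins)
    covered = sum(c for _, c in counts.most_common(n))
    return covered / len(pins)


if __name__ == "__main__":
    sample = ["1234"] * 5 + ["0000"] * 3 + ["8362", "4917"]  # constructed sample
    for p in ("1234", "0101", "1987", "8362"):
        print(p, weak_pin_reasons(p))
    print("top-2 coverage:", top_n_coverage(sample, 2))
```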

Beautiful visualization from Information Is Beautiful

There is also a great analysis of the data behind this visualization: PIN number analysis (datagenetics.com).

Training with images & videos? Yes, but good ones!

To improve our security and efficiency, we need well-trained people. It doesn’t have to be everything, but it should be enough to make their lives easier and/or safer. One of the difficulties nowadays is catching people’s attention, even at the office. Forget about long documents—maybe even short ones. When we, as people, want to learn something, we will probably turn to YouTube in the first place. Short educational videos and micro-learning aren’t just buzzwords; they are the current trend in self-education. So, why don’t we embrace the trend?

Let’s take just one example. What will create a better learning context: a cheat sheet with some Microsoft Windows shortcuts, or this 47-second video created by GUI ESP?

It’s clear, short, aesthetically pleasant, and likely more memorable than a list of keyboard shortcuts.

As another example, we designed a simple communication to remind our customers of a simple yet important behaviour: locking your computer when you leave it unattended. We based the communication on a single gesture: hitting the Windows and L keys when you stand up (many people don’t know how easy it is to lock a computer, so they don’t do it systematically). Our main focus here is to teach them how to do it. Because the key combination is the first thing you read, and we associate it with the words “lock” and “leave,” we create a mnemonic for both the key combination and when to perform it.

So, as always, think about KISSS (Keep It Simple, Stupid and Seductive) and aim at small and precise behaviour changes.

The Consumer Authentication Strength Maturity Model (CASMM)

A few days ago, Daniel Miessler updated the Consumer Authentication Strength Maturity Model (CASMM) to version 6.

It is a great visualization of consumers’ password maturity.

While we are sometimes still struggling with people using shared passwords or low-quality passwords, it will help show the path to more secure behaviours.

Also, it might create an anchoring effect and move the perceived norm for authentication to a higher level of maturity.

You can find the latest version of the CASMM on Daniel’s website: https://danielmiessler.com/p/casmm-consumer-authentication-security-maturity-model/