Print Page   |   Contact Us   |   Sign In   |   Sign Up
Young's Stuff
Blog Home All Blogs
Search all posts for:   

 

View all (42) posts »
 

Cyber Security, Direct-Line Changes in the Industry, Optical-Recognition Vehicle Registration

Posted By Thom Young, February 2, 2016

The Evolution of Cyber Security

Logging into a work station hasn’t really changed much in the last 20 years. Some IT managers have tried to improve the locks at the gate but, no matter their efforts, people still seem to find a way to defeat the safeguards put in place. If you’re like me, you likely keep a file somewhere with all the passwords for the various places you need to access on your computer. While the practice isn’t recommended, it’s sort of necessary, isn’t it? My file is four pages long. I have a good memory, but not that good. Most of my passwords also contain minor deviances from each other. The similarity helps me remember them without needing to go look in this file. That practice too is not recommended, but I’ve been using that system to manage my passwords since I studied cryptology as a young soldier nearly 45 years ago. Back then, we learned that any password could be cracked with enough time. The effectiveness of a password then as now is determined by the time necessary to crack it. No matter how complicated a password you use for any application, the improvement in computing power and speed are constantly reducing the time needed to break the code. Recently, I’ve been using a password-management program to remember a number of my logins. This program claims to use an algorithm to store my password, and this filter changes routinely to provide a very secure storage site. I’ll stick with the story I’m telling though: all passwords can be cracked with enough time and effort, no matter how you calculate them.

The amount of effort invested in trying to access a password has to be valuable relative to what you get out of it. I’m quite sure that no one is going to invest much time trying to access my account with the American Philatelic Society, but maybe they’d be willing to put supercomputer power to work on my banking or business logins. I’m flattering myself with my own importance here, but I think you’ll understand my point.

I’ve been following a number of articles on cyber security recently and noted one in Canadian Broker magazine citing the most common passwords in use today. Despite all the warnings, few of us seem to take heed or even care. Here’s the latest list of the top 20 most-used passwords:

Rank
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Password
123456
password
12345678
qwerty
12345
123456789
football
1234
1234567
baseball
welcome
1234567890
abc123
111111
1qaz2wsx
dragon
master
monkey
letmein
login
princess
qwertyuiop
solo
passw0rd
starwars
Change from 2014
Unchanged
Unchanged
Up 1
Up 1
Down 2
Unchanged
Up 3
Down 1
Up 2
Down 2
New
New
Up 1
Up 1
New
Down 7
Up 2
Down 6
Down 6
New
New
New
New
New
New

A programmer friend of mine advises me that he has a simple little application on a thumb drive that will try all of these (and some not listed) on any login in less than 10 seconds. Apparently, you can download this app off the internet. If you’re using these passwords for any application login, I think you should immediately consider changing them to something more secure.

A strong password needs to be at least eight characters long and should contain both upper and lowercase letters, at least one number, and at least one non-numeric or alphabetical character. It should be a random group and not contain a complete name in letters. The longer the password following the same principles, the more secure it is. As I stated at the outset of this discussion, all passwords are breakable, but the stronger it is, the longer it takes to break it and, therefore, the better protected the data past the password becomes. Microsoft has some good advice on this subject.

Recently, much talk has circulated on the future use of biometrics as the new standard for a secure login. Essentially, some indicator unique to you, such as your fingerprints, retinal scans, heartbeat, palm print, voice analysis, or facial features, can’t be easily duplicated by a computer hacker or thief. This biometric identifier can be read by your computer, often without the need to install a special piece of hardware. Almost all laptops and notepads now come with a built-in camera. All that is needed is the correct facial-recognition software to provide only you with access without having to input anything on the keyboard. Likewise, audio filters and touch pads determine fingerprints and such.

Facial-recognition software is advancing at such a tremendous pace that retail establishments commonly use it to track customers in their stores. A computer program tags their images with data on when they come, what they purchase, and what their preferences are. The information is available for analysis and target marketing later.  I’ve seen this kind of software demonstrated in conjunction with an office data-management system similar to that used by many brokers in their offices now. When clients walk in the door, the program notifies reception with their names and CSR. Depending on the program’s configuration, the CSR can be automatically advised that the clients are in the waiting area, and either a computerized reception station informs the clients that the CSR will be out to meet them momentarily or the receptionist is prompted to say the same thing. All this information is integrated on the CRS’s workstation or tablet with the production records in the clients’ records and files. This is quite an efficient process compared to that just a few years ago. A number of American banks are also using this technology to increase safety and security for their customers and the business.

I wonder what new developments we’ll see in the future. I also wonder what inroads will be made into personal privacy when customers’ movements are tracked by facial-recognition software and the retailers share the information among themselves. Will we walk into the grocery store to find a basket already containing all our usual items and a few special ones being promoted by the store? I don’t know how I’d feel about that marketing. I also don’t know if a negative view would make any difference because the change seems to be inevitable.


Direct-Line Changes in the Industry

Last week, we were all a little surprised to learn that the Royal Bank of Canada decided that its general-insurance returns weren’t adequate to its needs and reached an agreement with Aviva Insurance for RBC’s P&C purchase. This acquisition initially sounded to me like a good deal for our industry—another major bank admitted it had been unable to compete on a level playing field and was vacating the business. In fact, the reality seems to be that Aviva has purchased RBC General Insurance Company’s general-insurance book of business and appointed the company to represent its products in the same manner as any other broker. While I’m now not so sure anymore that this transaction is a win for our business, I am sure that it’s not a loss.

We compete in a competitive marketplace. As brokers, we have better choices for our customers than most of our competitors. Direct writers, whether they be offshoots of company players on the broker side of the game or agents for a stand-alone business, cannot effectively compete with the brokerage channel on price or product. This difference has always been the case and continues to be the reality of the insurance marketplace in North America. Aviva partnering with RBC Insurance isn’t going to change that reality. Neither will Intact expanding its direct channels in the marketplace nor, as I read today, Economical introducing a direct channel, affect that difference. These efforts by any insurers are doomed to lack-luster returns and short-lived efforts just so long as we as brokers get out there and compete for our market share. We excel at giving the best service to our customers and finding the best insurance solutions for them in price and product, so we don’t need to fear anyone in our market. Time will tell if this new venture between Aviva and RBC will be a success.  However, as brokers, we should all continue with excellent customer service so that we continue to beat RBC in competition.

Manitoba Gets Rid of License-Plate Stickers

When talking about technological advances, the simple process of eliminating license-plate stickers for registration renewal, as Manitoba has done, doesn’t at first seem like much of a big deal. So what if, in Alberta, it would eliminate the annual ritual of obtaining a new expiration sticker and putting it on your license? However, the reason these stickers have become redundant is just a small sample of how the technical advancements of optical recognition have progressed. The dash camera that is becoming standard on all police cars is connected to the provincial database through the computer in the police car and can read any license plate from quite extraordinary distances and instantly determine the registration status. The sticker, on the other hand, relies on the human eye’s limited vision and can determine only its validity. Wired cars are the new norm. Soon the digital repository of information relative to the owner and operators of the car will become part of the digital record available to law enforcement. Tracking stolen vehicles and citing drivers for infractions will become an automated process. Photo-radar tickets will contain the identity of the drivers, an automatic adjustment to their driving records, and a link to the insurer’s databases. Immediate adjustments in premium can be determined and the real function of UBI will come into play. Customers will be charged for the true underwriting risk immediately. Talk about an incentive to change behaviour! The duties of traffic police will be not much different than those of the parking authority—digitally recording infractions and violators. The world is going to continue to change.

In Closing

I’m hoping the take up of people following my column continues to increase. The new format allows IBAA members to make comments directly on the blog and share thoughts not only with me but also with other readers. If you prefer, you can email me instead with any comments you’d like to make. Just remember to subscribe to the blog (under Your Network in www.ibaa.ca) so you receive notice of its publication. Looking forward to hearing from you!

The opinions expressed in this blog are not necessarily those of IBAA.
Comment on this post below or email Thom Young privately. Thom also encourages suggestions for topics.

 

Tags:  Aviva  banks  biometrics  broker channel  cyber security  direct writer channel  IT  license plate  optical recognition  passwords  RBC  telematics  UBI  vehicle registration  Young's Stuff subscription 

Share |
Permalink | Comments (0)
 
more IBAA Courses and Events

2017-09-27
Diversity & Culture in the Workplace

2017-10-02 » 2017-10-06
Licensing Level 1 Immersion - Edmonton

Featured Members

Membership Software Powered by YourMembership  ::  Legal