Hacking the Hacker by Roger A. Grimes

22 Profile: Dr. Cormac Herley

Dr. Cormac Herley is an unintentional disruptor. He says things that challenge long‐standing dogma, which not everyone wants to hear, especially if they’ve invested millions of dollars and decades of resources into doing the exact opposite for years. Dr. Herley uses data mining to seek the truth. He’s even well aware that some of his contrarian views, backed by data, may take a decade or longer before people will even listen.

One example is his research into computer passwords. The conventional wisdom is that passwords need to be long, complex, and frequently changed. Dr. Herley’s research (https://www.microsoft.com/en-us/research/wp-content/uploads/2016/09/pushingOnString.pdf) showed that the globally accepted security reasoning, supported by nearly every computer security expert in existence and a requirement on every computer security guideline ever produced, is probably wrong at the very least and is likely exacerbating the problem. Dr. Herley’s research showed that long and complex passwords don’t mitigate most password hacking these days and often result in higher risk due to end‐user issues (such as writing passwords down or reusing them on different sites).

He’s even been bold enough to say that “most [computer] security advice is a waste of time” (https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/SoLongAndNoThanks.pdf). And he does it with data and evidence. Dr. Herley is my kind of guy.

Dr. Herley got his PhD from Columbia ...