418: Interview With James Chiappetta, Security Expert From Better Appsec
Topics:
This week we are pleased to welcome James Chiappetta, Security Expert from Better Appsec.
An intro to the human element of security.
What are the most common iPhone PINs and what drives the creation of them? http://danielamitay.com/blog/2011/6/13/most-common-iphone-passcodes
Is a 6 digit PIN really more secure than a 4 digit PIN?
https://arxiv.org/pdf/2003.04868.pdf >> In a throttled scenario, simply increasing the PIN length is of little benefit. In our results, there was no significant difference between 4- and 6-digit PINs within the first 100 guesses.
Product and Usability/Convenience - Opting in vs Opting out
What is the responsibility of consumer brands on data privacy and security?
GDPR - accept all cookies?
Steve Jobs' stance on prompting the user about the decision of opt in vs opt out
How or when the question of opt in vs opt out gets asked: how does that factor in?
Consumer empowerment. The individual should be able to actively manage their own data via consent, access, and correction mechanisms. In the event of a lack of adherence to these principles, there must be a way for the individual to address the breach without negative consequences. >> https://lolokaufman.medium.com/is-privacy-by-design-enough-12aa4fddb747