Download Trial: NIST-Certified AES EncryptionDownload a free 30-day trial of our popular NIST-certified AES encryption for all enterprise platforms. |
The recent email and password breaches at LinkedIn and Yahoo have exposed how severe the loss of this information can be. A large majority of people use the same email account and the same password to authenticate to multiple web sites and services. For this reason, the breach of any one site compromises the security of the others. And the fact that Facebook, Google, and other sites make it easy to share authentication makes the impact of a loss that much greater.
Because of these losses, I’ve been getting a lot of questions from CIOs and database administrators about protecting email addresses and email passwords in their databases. While the techniques used to protect information in databases are different than the techniques used to protect login credentials, you should definitely put this type of information under data protection controls.
Here are some steps you can take to protect this important personally identifiable information in your databases:
Database vendors like Microsoft, IBM, Oracle, and others have done a lot over the last few years to make this effort easier. And security vendors (we are one) have also made progress in making encryption and key management faster and more affordable. Encryption is widely viewed as hard to do and expensive. That’s no longer true - times have changed! Download a free 30-day evaluation of our NIST-certified AES encryption and see how easy it is to encrypt usernames, passwords, and other PII on your systems.
Patrick