There has been a data breach at Yale University. Thousands of students, faculty and staff have had their personal information compromised. That a university has had a security breach is not news any more. It happens so often.

Why this particular security breach is important is that it illustrates a point:

“…”As it explained in the notification letters, the university does not believe that this incident presents a significant danger of identity theft because the crime was almost certainly aimed at obtaining hardware for sale — not at exploiting the data that were on the computers,” Yale said in a statement. “Moreover, both of the computers were password-protected, and one was protected by multiple password levels, which would require considerable computer savvy to bypass.”"

link: Stolen Yale Computers Had Private Data

And the point is this: passwords only give limited security. There are means to bypass passwords. It is not that difficult. If all that stands between a hacker and a treasure trove of data is a password or two, with some time, the hacker or someone in his/her network will be able to breach that security. The misconception is that the password safeguards the data. It does not. A password is an obstacle - an inconvenience to the hacker. Encryption is more of a challenge…

Catherine Forsythe

[tags]data breach, privacy, security, identity theft, password, hackers, data protection, encryption, yale university[/tags]