Eponymous Laws: Schneier's law

Each month, we're taking a look at an eponymous law, a 'law' that's named after someone, usually the author.

Today we're looking at Schneier's law - "Any person can invent a security system so clever that she or he can't think of how to break it."

Surprisingly, in this field, security by obscurity is one of the big security measures.  Hackers won’t find it if it’s a needle in a haystack.  Of course hackers are pretty good with magnets.

The much better way is by not keeping things that need to be secure.  Hand them off to Authorize.net or a third party that specializes in that type of data.  Much more effective and probably cheaper.

Or better yet, don’t ask secure things as much as possible.  Does your job application really need a social security number?  No, you can easily ask that at the interview or hire, should it get that far.  Otherwise you’ve just asked 20 people for secure information and you only expected to use it once out of the 20.  Which means you’ve left yourself open to the liability of 20...let’s say one of those folks gets their identity stolen and they remembered that they used your website recently, so they automatically assume it was your failure.  Good luck proving that it wasn’t.