Security blessing No. 3: Two-factor authentication goes legit
I think 2013 will be remembered as the year when the last of the big cloud service providers finally got on board with two-factor authentication. After decades of simple password failures and phishing attacks inconveniencing millions of users, and following the lead of Google and Facebook, multiple major cloud providers, including Microsoft, LinkedIn, Twitter, Dropbox, and Apple, began offering (in some cases, requiring) two-factor authentication.
Security blessing No. 4: Transport-layer security replaces SSL
Encryption over the wire is getting more secure and is being turned on by default more often. Older SSL encryption is being replaced with TLS (Transport Layer Security). In fact, if you're a website and you offer only SSL, you're behind the times.
Many popular websites and Web apps now provide TLS-enabled HTTPS by default, including Facebook, Gmail, Yahoo, and Outlook.com. Some services have long offered HTTPS as an option, but enabling it by default improves transmission security immensely.
Security blessing No. 5: PtH attacks get remediation
Microsoft's multiple PtH (pass-the-hash) remediations for Windows remind us that even difficult, complex security problems can be solved. Today it's fairly normal for attackers who gain access to a Microsoft network to use PtH tools and techniques to quickly take over the entire network. Microsoft made OS modifications to make these attacks harder to pull off and published several whitepapers about preventing PtH and other credential thefts, including this one, on which I was a co-author. If your company is worried about PtH attacks, read and learn more about the new mitigations.
Sure, I could be complaining about plenty of security issues. That's my natural disposition when discussing computer security. But for now I'm going to count my blessings -- and stay hopeful for the coming year.
This story, "Lucky 2013: Count these 5 security blessings," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.