Marissa Mayer is a twerp.
There, I’ve said it.
Sure, she’s a really smart person in many ways (you couldn’t become a VP at Google and most recently CEO of Yahoo if you weren’t), but when it comes to her personal privacy and smartphone security, she’s an airhead.
The revelation came when Marissa Mayer enthused about the iPhone 5S’s new fingerprint sensor, during an on-stage discussion with Michael Arrington at the TechCrunch Dispute conference:
It’s funny because you mocked me once at TechCrunch, maybe it was at LeWeb.. because Mike was making fun of me because [highlight]I don’t have a passcode on my phone[/highlight].
And Mike was like “Are you crazy?”, and I was like “Look, I just can’t do this passcode thing – like – 15 times a day”, and then when I saw the fingerprint thing I thought now I don’t have to…
Colour me unimpressed.
It is crazy not to have a passcode in place on your phone. And, to be honest, it’s not really good enough having a weak four digit passcode on your iPhone either (longer, more complex passwords are better and surprisingly easy to remember).
What’s alarming is that Mayer is the CEO of a major internet company, who have a responsibility for protecting the privacy of hundreds of millions of net users.
What kind of example is she setting by not having any form of login security on her smartphone?
If someone was able to access Marissa Mayer’s mobile phone (which she admits is always left unlocked) just imagine the confidential email conversations between her and her senior colleagues at Yahoo that they would be able to access, as well as who-knows-what other sensitive information about a publicly-floated company.
What a soft target for hackers, data thieves and spies she is!
I wonder what other sensible security steps she doesn’t bother with?
I wonder if she bothers to password-protect her laptop? (After all, isn’t typing a password in when you return from the screensaver a real nuisance?). Does she use the same password on multiple websites? Does she not use full disk encryption on her hard drives?
And this, remember, is the woman who says she is battling the NSA, and says she faced jail if Yahoo had revealed the agency’s secret surveillance of users.
What a twerp.
I think it’s time Marissa Mayer, and any other tech leaders who take a similarly irresponsible attitude to security, went back to the classroom.
TBH I don't think Marissa is smart at all. She doesn't sound like it and with all of her recent acquisitions she certainly doesn't show it. I'm not being negative because of jealousy but it's clear she was at Google at a time of guaranteed growth and that's where her reputation sky rocketed. With this news my last resort is to simply facepalm.
"Marissa Mayer is a twerp" Youhouu ! That's said!
"I have no passcode on my phone"…
What I think is really more alarming is that Yahoo! has notable exceptions to their security policies for the top management. Or, in the worst case, they don't have policies at all!
This is a invaluable information to give to a potential attacker, and she revealed that on stage!
As you said, maybe before I didn't think about stealing her phone, but now is a red carpet to everyone that wants to know Yahoo! secrets!
I must say that is alarming as a user, but as a security professional I'm glad (ok, not that much) to see that every company is the same when it comes to permit to the CxO staff to avoid the security policy.
Security policies that should be in place at first for them.
Hilarious to see self-righteous lambasting someone else for being lazy.
Apple says that their market research shows 50% of users are just like Marissa. But then again, Apple doesn't do market research.
She's the head of, essentially, an entertainment company, not the head of a security company. Sure she has the security of her users to consider but nothing about this story makes me think those folks are any less protected for her lack of action: She has a head of security to worry about that.
I think this is a non-story filling up column space….
It's even worse, as she's a high-value target, and even if she had a passcode, the attacker will take considerable effort to bruteforce it.
What you should be doing is using a non-dictionary password, with special characters, but these will only slow down the attacker.