Steven Bellovin Takes Aim at Cybersecurity Myths in New Book

https://circleid.com/posts/steven-bellovin-takes-aim-at-cybersecurity-myths-in-new-book

Publish Date: 2026-05-07 15:30:00

Source Domain: circleid.com

Steven Bellovin’s practical cybersecurity guide is freely available online: Download “Don’t Get Hacked! Protecting Yourself at Home” here.

The Columbia University cybersecurity researcher argues that ordinary users need clearer, more practical online-security advice as scams, phishing and digital threats grow increasingly sophisticated.

Steven M. Bellovin, a computer-networking and security researcher who has taught at Columbia University since 2005 and previously served as a fellow at AT&T Labs Research, has released a new book arguing that much of today’s cybersecurity advice is either too technical, too outdated or simply unhelpful for ordinary users. Don’t Get Hacked! Protecting Yourself at Home aims to provide practical, jargon-light guidance for people trying to secure their phones, laptops and online accounts. The book has been made freely available online under a Creative Commons BY-NC-ND license.

Bellovin says most cybersecurity books are written either for professionals or by non-experts recycling obsolete wisdom. His new volume targets neither chief information-security officers nor intelligence officials, but everyday users navigating scams, passwords, software updates and the hazards of modern internet life.

The book challenges several pieces of conventional advice that have become internet folklore. Bellovin dismisses the elaborate password rules imposed by many websites as largely counterproductive, arguing instead for long, memorable passwords and password managers. He also adopts a more skeptical tone toward antivirus software, suggesting that modern operating systems may already provide sufficient protection for many users if they are kept properly updated.

Throughout the book, Bellovin stresses what security professionals call “threat models”—understanding what one is protecting and from whom. Rather than demanding perfect security, he advocates “caution, not abstinence”, warning that users should…
