Passwords, security and inertia a toxic brew

Summary:I went to a meeting two days ago, hopped onto the guest Wi-Fi in the conference room and had to enter a password. That password was 0123456789. It's almost too easy for hackers.

Another day, another batch of passwords swiped, or re-used for attacks or leaked out to the public.

Today, it's Yahoo passwords that have been swiped. Best Buy passwords are being re-used for attacks . A month ago, LinkedIn had password issues. We've probably missed a few password security fiascos in between those security stops.

password_security

In 2009, a Google security wonk noted that passwords are useless, outdated and a security risk. Fast forward, three years and you can slap an exclamation point to that statement.

Primer:  Ten basic steps to secure your PC and online accounts  |  Yahoo confirms 400,000 accounts hacked, less than 5% valid

Yet. Nothing. Ever. Happens.

The password system just won't die. I went to a meeting two days ago, hopped onto the guest Wi-Fi in the conference room and had to enter a password. That password was 0123456789. The password should have been "why bother." On the bright side, at least the company didn't use "password" as a password.

You know the drill by now. Users keep similar passwords across accounts to remember them. Number variations are the norm.

The quick solution to this password issue is an account manager. The problem is that these systems create a single point of failure.

But Ryan Naraine said it best: "These password managers are a single point of failure, but it's the best of a terrible world. The alternative is that everyone uses password123 for all sites."

Topics: Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.