Passwords, security and inertia: a toxic brew

I went to a meeting two days ago, hopped onto the guest Wi-Fi in the conference room and had to enter a password. That password was 0123456789. It's almost too easy for hackers.

Another day, another batch of passwords swiped, or re-used for attacks or leaked out to the public.

Today, it's Yahoo passwords that have been swiped. Best Buy passwords are being re-used for attacks. A month ago, LinkedIn had password issues. We've probably missed a few password security fiascos in between those security stops.

In 2009, a Google security wonk noted that passwords are useless, outdated and a security risk. Fast forward three years and you can slap an exclamation point on that statement.

Yet. Nothing. Ever. Happens.

The password system just won't die. I went to a meeting two days ago, hopped onto the guest Wi-Fi in the conference room and had to enter a password. That password was 0123456789. The password should have been "why bother." On the bright side, at least the company didn't use "password" as a password.

You know the drill by now. Users keep similar passwords across accounts to remember them. Number variations are the norm.

The quick solution to this password issue is an account manager. The problem is that these systems create a single point of failure.

But Ryan Naraine said it best: "These password managers are a single point of failure, but it's the best of a terrible world. The alternative is that everyone uses password123 for all sites."
