Passwords, security and inertia a toxic brew

Summary: I went to a meeting two days ago, hopped onto the guest Wi-Fi in the conference room and had to enter a password. That password was 0123456789. It's almost too easy for hackers.

Another day, another batch of passwords swiped, or re-used for attacks or leaked out to the public.

Today, it's Yahoo passwords that have been swiped. Best Buy passwords are being re-used for attacks. A month ago, LinkedIn had password issues. We've probably missed a few password security fiascos in between those security stops.

In 2009, a Google security wonk noted that passwords are useless, outdated and a security risk. Fast forward three years and you can slap an exclamation point on that statement.

Yet. Nothing. Ever. Happens.

The password system just won't die. I went to a meeting two days ago, hopped onto the guest Wi-Fi in the conference room and had to enter a password. That password was 0123456789. The password should have been "why bother." On the bright side, at least the company didn't use "password" as a password.

You know the drill by now. Users keep similar passwords across accounts to remember them. Number variations are the norm.

The quick solution to this password issue is an account manager. The problem is that these systems create a single point of failure.

But Ryan Naraine said it best: "These password managers are a single point of failure, but it's the best of a terrible world. The alternative is that everyone uses password123 for all sites."

Talkback

2 comments
  • Security

    Be Secure With Comodo Security Products.
    Manasy
  • passwords are useless, outdated and a security risk.

    At times it is just annoying the fact that we are still living in a password world. Almost everything is still only password protected. But ultimately the fact is passwords (strong or not) do not replace the need for other effective security control. As was stated, passwords are useless, outdated, and a security risk. That same organization understood that the only real solution is the need to add additional layers of authentication for access and transaction verification without unreasonable complexity, and this will be of help to their customers if they implement some form of a two-step or two-factor authentication where you can telesign into your account and have the security knowing you are protected if your password were to be stolen. This should be a prerequisite to any system that wants to promote itself as being secure. With this, if they were to try to use the “stolen” password and don’t have your phone nor are on the computer, smartphone or tablet you have designated trusted, they would not be able to enter the account.
    Branden_B