In a recent article, “The Great Bank Heist,” I touched on the topic of strong
passwords and the need for them. After completing that article I walked away
thinking that stronger passwords were worth a deeper look, and I felt compelled
to write an article about it. So here it goes…
How strong is your password?
Please tell me you are not one of the millions
of people who use “123456” or “password” as a password. No offense to
people who use these passwords, but come on! You are smarter than that, folks!
Choosing a stronger password than these is easier than programming a VCR clock,
I promise. And if you are too young to get the reference, I suggest you look it
up on Google.
But why do people use such lowbrow passwords? Is it
laziness, an “I don’t care” attitude, or is it simply ignorance?
So many questions I have for this group of users, but who
can I ask these questions to? Dang, that is another question! The nonchalant
attitude of “it won’t happen to me” could be another reason that someone may be
using a weak password. This careless and carefree attitude is certainly not the
right approach to take on anything in life, let alone a password that grants
access to something as important as your bank account or health records.
Bringing a horse to water is always the easiest part, but
making that horse drink is a whole other story. I am going to try to achieve
both in this article today.
Drink this water!
Stronger passwords are commonly associated with something
hard to remember, but that does not need to be the case. Sure, “password” is
easy to remember but there are many other things in your life that are easy to
remember, like the first person you kissed or the mascot of your high school.
These are things that just roll off your tongue and are facts, not something
that changes like your favorite color or favorite band.
Many self-service password reset solutions ask you knowledge-based questions
to unlock your account, but these answers could actually make for good
passwords too. Tack a number and a special character on to the beginning or
end of that phrase and you've got yourself a strong password!
I argue that a strong password can be as effective as many
of the stronger authentication alternatives, like two-factor
authentication (2FA). 2FA certainly does have its place and purpose in the
authentication world, but it can tend to be clumsy and very cumbersome for
end users. Entering a user name and strong password can achieve the same level
of protection, trust me!
Poisoning the Watering Hole
For many years passwords were good enough. Dating
back centuries, even, passwords were king. Passwords granted access to
Egyptian tombs to protect artifacts and personal effects of those mummified
individuals. So why is something as old as time getting such a bad rep in the
twenty-first century?
I blame the laziness.
The lazy end-user has come out to play and expects
everything in life to take no effort. This attitude comes through perfectly in
the previously mentioned top passwords of 2014. It certainly is not lack of
education or knowledge about hacking attacks; turn on the TV and you are pretty
much guaranteed to hear something about another breach. Looking back 40 years,
there was not a need to remember many passwords. Passwords were used more in
secret societies than in the mainstream, day-to-day life of John or Jane Doe.
There is a renaissance on the horizon, though. As the youth
of America grow older and turn into adults and leaders within companies, they
seem to get it. They understand that passwords actually mean something and that
they are put in place to protect something worth protecting. This knowledge and
attitude will propel us into a safer cyber world, and I would even venture to bet
that as time goes on the number of hacking attacks that take place will go down
every year.