Opinion for hire

Musing about passwords...

8/2/2016

 
​The *big* problem lies with web sites that insist on 'good' passwords for access to trivial stuff.

I know of one major consulting company that insists on the whole upper / lower / digit / punctuation thing merely to create an account to read their published content.

Those are the kinds of sites that give us all the irits!

I have no problem re-using the same trivial password for sites that need no personal information (or are happy with false data!). As soon as a site records some kind of unique / personal data about me, the 'proper' rules kick in.
​
I'm fairly sure this attitude is the reason many of the hacks reveal such a plethora of easy-to-guess passwords, passwords that will work on other sites. Despite all the warnings about re-use, I think people are generally more pragmatic than the experts give them credit for. And I think (hope!) that this explains the number of 'easy' passwords that researchers discover in the various troves of stolen credentials.
​
I know we have seen reports of a breached email address / password list being used to authenticate on a different site, but how often has this been proven to occur where the second location contains personal information? In fact (wondering out loud) have any of the researchers tried the password against the actual email account?

    Author

    David Heath is a New Zealand-born Australian resident who initially pursued Geology and ended up with a Computer Science degree.

    These days, David writes for a living, predominantly as an Instructional Designer for a major industrial control vendor where, as well as writing multi-hundred-page technical training manuals, he also delivers a variety of in-company courses, including a "Train the Trainer" course. He is often heard musing out loud: what makes us trust the trainer?

    Being an INTJ, David cannot possibly be restricted to a single area of interest and thus he is likely to explore all manner of diverse topics.


    ​David is also Security Editor for an on-line IT news site.
