OPLIN 4cast #456: Password (in)sanity

Last updated on September 29, 2015

Passwords, passwords, when are we ever going to quit talking about passwords? Perhaps sooner than you might think. The huge hack of the Ashley Madison servers, which compromised 11 million passwords, made password security a topic of the mainstream media last month, with all the usual reminders of the rules for good password management that we’re all supposed to follow. But there is also a growing opinion that these rules have become so complex that most of us just give up and ignore them, and that what we need is not more rule reminders, but more common sense in how we ask people to create and manage passwords. For instance, what about the rule that says we should never reuse a password?

  • Ashley Madison password crack could spell trouble across the Internet (Ars Technica | Dan Goodin)  “The group hasn’t released the passwords, but now that their findings are public, it’s inevitable the vulnerable passcodes will become widely available. And assuming Ashley Madison subscribers have used those passwords to protect other accounts, that means the Internet may be in store for a new round of account compromises. Ars has long advised readers to use 1Password, LastPass or another widely used password manager to store a long, randomly generated password that’s unique for each account.”
  • 84 percent of people support eliminating passwords (BetaNews | Ian Barker)  “Almost half of the survey respondents (46 percent) say they currently have more than 10 passwords to manage, and 68 percent acknowledge that they reuse passwords for multiple accounts. In addition, 77 percent say they often forget passwords or have to write them down. Among respondents’ top password peeves are those systems that require users to change their password frequently, and systems that require users to create passwords that do not fit the model of one they regularly use.”
  • Are millennials the latest security threat? (Software Advice | Daniel Humphries)  “Here, millennials come out in front, with 85 percent admitting to reusing passwords. However, Gen X lags only six percentage points behind, at 79 percent, while almost three-quarters (74 percent) of boomers are guilty of the same bad habit. So are millennials inherently more cavalier regarding password security? Not necessarily: assuming millennials use more online services and apps than their parents and grandparents, they will have a greater quantity of passwords to remember. So it’s no surprise if they reuse some of them.”
  • Making security better: Passwords (Gov.UK CESG Digital blog | Jon Lawrence)  “There are passwords everywhere! However, the conversation we’ve had with people all around the public sector hasn’t been a happy one when it comes to passwords. When every system needs a different password, the complexity settings for each system are set high, and password changes are enforced frequently, the outcome is not better security. Through research, in collaboration with the Research Institute in the Science of Cyber Security, we’ve learnt about how trying to make passwords ‘more secure’ means systems end up less secure. When we’re overloaded with passwords, we all end up ‘breaking the rules’: we use the same passwords across different systems; we use coping strategies to make passwords more memorable (and thus more easily guessed), and we store passwords insecurely.”

Articles from Ohio Web Library: