Yes, we get it. Humans are dumb panicky animals. According to some of the nastier aliens in the universe we humans are, “Nothing but undeveloped, unevolved, barely conscious pond scum, totally convinced of their own superiority as they scurry about their short, pointless lives.” Harsh. But when it comes to the subject of passwords, we really do get lost in the weeds in really short order. There is a fascination with standing by the side of the road and laughing maniacally at compromised passwords. Why is that exactly?
Every (insert time frame) we see a new report published on the top passwords used by people. Invariably the top honors go to “12345” followed by “password”. People by and large tend not to be overly concerned about passwords until their data is compromised. We tend to have a limited ability to remember passwords, and as a result many folks will write their passwords down on post-it notes and affix them to their monitors or under their keyboards. There are better ways to store passwords, to be certain, such as password managers.
The company SplashData released their report a couple days ago that outlined the trends in passwords after a review of compromised data in 2015.
In SplashData’s fifth annual report, compiled from more than 2 million leaked passwords during the year, some new and longer passwords made their debut – perhaps showing an effort by both websites and web users to be more secure. However, the longer passwords are so simple as to make their extra length virtually worthless as a security measure.
So, rather than continually whinge about bad passwords as we do on a semi-annual basis, let’s fix it. I can actually hear the air get sucked out of the room at that thought. Seriously though, we continually point and laugh at the people who had their passwords compromised in a data breach and seldom take a moment to figure a way to remedy the situation. On this subject we have a long track record that demonstrates that for most of us, we have all the range of a Daisy air rifle.
Of course this post by SplashData was meant to push their password manager. And password managers have their ups and their downs. I can’t speak to this company’s one as I have not used it myself, but this type of thing is a good measure to help in the near term. The rub is, how do we make the subject of passwords better? There have been attempts by numerous websites to employ two-factor authentication. In principle this is a good step. Sadly, in many cases this has devolved into a ham-fisted attempt to harvest mobile numbers for their monetary value as opposed to actually using them for the sake of security.
As long as we have people touching keyboards we are going to have bad passwords. This is something that we cannot avoid. This nonsense of shaming folks for bad passwords has limited value and, in cases like this, will generate some level of press. What we need to do is work on creating a better way to handle passwords.
With that I will leave the floor open to ideas. To pass the time I’m going to go sit in the corner and eat some paste.