For *years* I've been saying we're doing passwords wrong when we require stupid rules. I guess if the Wall Street Journal is finally agreeing with me, I should count that as validation, right? More words after the video.
Stupid password rules have been one of my many pet peeves for a long time, especially when the identity I'm "protecting" with a password has zero value. To put it in one story: there was a site that would allow you to customize what order the stories show up in. You couldn't post, you couldn't save a credit card number and you couldn't send an email. I tried a made-up, nonsense word that was 10 characters long and was refused because it wasn't "complex" enough. I then tried "Password321!" and *that* was accepted. Password rules are silly!
I'm *not* a security expert and don't even play one on TV, but here are my thoughts on the whole idea.
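To make the anecdote concrete, here is an added example (mine, not from the post): a typical composition rule next to a length-plus-blocklist check of the kind NIST SP 800-63B recommends. The blocklist is a constructed stand-in for a real breached-password list, and "glumptarvo" is a made-up 10-character word playing the role of the rejected nonsense password.

```python
import re

# Constructed sample blocklist; a real deployment would load a breached-password corpus.
BLOCKLIST = {"password", "qwerty", "letmein", "welcome", "123456"}

# Map for undoing common substitutions ("P@ssw0rd" -> "password").
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "!": "i"})


def passes_composition_rule(pw: str) -> bool:
    """The classic rule: 8+ chars with an upper, a lower, a digit and a symbol."""
    return (
        len(pw) >= 8
        and re.search(r"[A-Z]", pw) is not None
        and re.search(r"[a-z]", pw) is not None
        and re.search(r"\d", pw) is not None
        and re.search(r"[^A-Za-z0-9]", pw) is not None
    )


def normalize(pw: str) -> str:
    """Undo the predictable tricks people use to satisfy composition rules.

    Lower-case, strip leading/trailing digits and punctuation (the "321!" in
    "Password321!"), then reverse common leet substitutions.
    """
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())
    return core.translate(LEET)


def passes_length_and_blocklist(pw: str, min_len: int = 10) -> bool:
    """NIST-style check: minimum length, then reject anything on the blocklist
    after normalization. No composition rules at all."""
    if len(pw) < min_len:
        return False
    return normalize(pw) not in BLOCKLIST


if __name__ == "__main__":
    for candidate in ("Password321!", "glumptarvo", "P@ssw0rd!!"):
        print(
            f"{candidate!r}: composition={passes_composition_rule(candidate)}, "
            f"length+blocklist={passes_length_and_blocklist(candidate)}"
        )
```

Run it and the two checks disagree on both of the post's passwords: "Password321!" satisfies the composition rule but normalizes to "password" and is blocked, while the 10-character nonsense word fails the composition rule and passes the length-plus-blocklist check.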
If you are responsible for the security of your organization, here are a few additional thoughts:
I want to be as clear as I can be: there is no silver bullet that will make you and your organization secure. The bad actors of the world are wicked clever and their efforts to take what is yours are relentless. As we learned when the details of the LastPass hack finally came out, bad actors will find the smallest exploit to get into your systems. In that case, the bad guys exploited a known flaw in a Plex Media Server in an engineer's home to put a key logger on his laptop. When he later used that laptop to log in to secure systems at LastPass, the bad guys had stolen the keys to the kingdom. LastPass had done all of the right things in their enterprise network; the bad guys found an entry point in the home of one of the four engineers who had access to all the goodies. The point of the story is not to keep us all up at night but rather to point out how vigilant we all need to be. The odds are good that none of us are a "high value target" with credentials to the LastPass master password vault, but we still need to have our eyes open at all times, and that is especially true when it comes to protecting our identities.
Good luck out there!