
It’s time to kill the password

By Richard Dornhart, National Security Practice Manager, Data#3

Passwords make me stop and think.

Typically, I am trying to think – “what is my password?”

I’m sure I’m not alone in this situation. I recently read the average user has 26 password-protected accounts but only five different passwords! I suspect this is because most of us cannot remember 26 different passwords; therefore, we reuse the same password over and over again.

I’ll admit, there are some clever people out there that have photographic memories, or an enviable knack for remembering strings of complex letters and numbers. However, for the majority of us, our passwords end up being a combination of letters and numbers that are simply easy for us to remember and repeated. We then typically change one letter or number every 90 days just to comply with the corporate password policy.

When it comes to cloud-based services, many of these sites do not even force a regular password change. How many people do you know that schedule time into their diary to regularly change their Gmail or Spotify passwords? Those among us that are lazy probably rarely change these passwords. I am not saying everyone is lazy, I am just saying most of us have enough going on in life and changing passwords is not top of the list.

Passwords guard our valuable assets.

The scary truth is that today, passwords are typically all that stands between us and access to our most valuable assets: our money, super, credit cards, insurance, online storage, email, streaming music… and this list is getting longer. It sometimes seems like a daily event to sign up for a new service that requires a username and password.

In our corporate lives the same is true. There was a time when we only needed to log in once to our work computer to gain access to all the resources we needed to do our jobs. Today, we are required to log in from multiple devices and access multiple applications, some of which are internal, some hosted in public cloud environments and some delivered “as a service”. We are going through change at a rate we have never seen before.

What is interesting is that with all this change, one thing has remained constant: THE PASSWORD.

In most cases we are still using passwords as the primary authenticator. I have noticed many sites now rate my password before I submit it. These sites tell me whether it is complex enough or not, suggesting I use a capital letter, a number or a symbol before it will be accepted. This is not a solution; as a matter of fact, it makes the problem worse. Now I have taken my old faithful password and added a capital letter, a number and a symbol. Guess what? The next time I need to use it I have no idea what it was.

So, what’s the solution?

One solution to this password sprawl that is gaining popularity is a password vault. This does work; however, depending on the provider you choose, you may need to install and synchronise a client on your iPad, Surface, Laptop, iPhone and Desktop. All this just to support 8 – 15 characters. Password complexity is not the answer.

It’s time to KILL THE PASSWORD.

It’s time to adopt technology such as two-factor authentication, one-time passwords or biometrics. We should consider the opportunities these technologies can provide for us:

  • Fewer calls received to the help desk
  • Reduced risk for organisations
  • Most importantly, sanity!

I believe there will be a day in the not too distant future where passwords will be history. For now, instead of using the same password and changing one letter every 90 days, consider a longer password like a song lyric or a favourite poem or phrase. As a general rule, the longer the password, the longer it will take to crack.

Go on and #KillThePassword.

For help on how you can ‘Kill the Password’, contact me on LinkedIn or complete this online form.
