It’s time to kill the password

By Richard Dornhart, National Security Practice Manager, Data#3

Passwords make me stop and think.

Typically, I am trying to think – “what is my password?”

I’m sure I’m not alone in this situation. I recently read the average user has 26 password-protected accounts but only five different passwords! I suspect this is because most of us cannot remember 26 different passwords, and therefore we reuse the same password over and over again.

I’ll admit, there are some clever people out there who have photographic memories, or an enviable knack for remembering strings of complex letters and numbers. However, for the majority of us, our passwords end up being a combination of letters and numbers that is simply easy for us to remember and repeat. We then typically change one letter or number every 90 days just to comply with the corporate password policy.

When it comes to cloud-based services, many of these sites do not even force a regular password change. How many people do you know who schedule time into their diary to regularly change their Gmail or Spotify passwords? Those among us who are lazy probably rarely change these passwords. I am not saying everyone is lazy; I am just saying most of us have enough going on in life, and changing passwords is not top of the list.

Passwords guard our valuable assets.

The scary truth is that today, passwords are typically all that stands between us and access to our most valuable assets: our money, super, credit cards, insurance, online storage, email, streaming music… and this list is getting longer. It sometimes seems like a daily event to sign up for a new service that requires a username and password.

In our corporate lives the same is true. There was a time when we only needed to log in once to our work computer to gain access to all the resources we needed to do our jobs. Today, we are required to log in from multiple devices and access multiple applications, some of which are internal, some hosted in public cloud environments and some delivered “as a service”. We are going through change at a rate we have never seen before.

What is interesting is that with all this change, one thing has remained constant: THE PASSWORD.

In most cases we are still using passwords as the primary authenticator. I have noticed many sites now rate my password before I submit it. These sites tell me whether it is complex enough or not, suggesting I use a capital letter, a number or a symbol before it will be accepted. This is not a solution; as a matter of fact, it makes the problem worse. Now I have taken my old faithful password and added a capital letter, a number and a symbol. Guess what? The next time I need to use it I have no idea what it was.

So, what’s the solution?

One solution to this password sprawl that is gaining popularity is a password vault. This does work; however, depending on the provider you choose, you may need to install and synchronise a client on your iPad, Surface, laptop, iPhone and desktop. All this just to support 8 – 15 characters. Password complexity is not the answer.

It’s time to KILL THE PASSWORD.

It’s time to adopt technology such as two-factor authentication, one-time passwords or biometrics. We should consider the opportunities these technologies can provide for us:

  • Fewer calls received by the help desk
  • Reduced risk for organisations
  • Most importantly, sanity!

I believe there will be a day in the not too distant future where passwords will be history. For now, instead of using the same password and changing one letter every 90 days, consider a longer password like a song lyric or a favourite poem or phrase. As a general rule, the longer the password, the longer it will take to crack.

Go on and #KillThePassword.

For help on how you can ‘Kill the Password’, contact me on LinkedIn or complete this online form.
