Wednesday, July 20, 2016

Passwords: How's that still a thing?

Passwords.

How is this topic still a thing? 

In two words: Mark Zuckerberg. 

In June 2016, Mark Zuckerberg got hacked and his secret password was revealed for all to see. Did it meet all those wonderful rules we learn in information security school? Was it ISO27001/2 compliant? 

Well, his password was "dadada" - so I'll let you decide. 

The Wall Street Journal's Nathan Olivarez-Giles had a great article on hacking/passwords. 



The article refers to a site where you can check whether you've been hacked, https://haveibeenpwned.com/ - definitely worth checking out. 

Of course the next step is to then change the password on the 7 million devices you own, but who says hackers make your life boring? 

Passwords are the best illustration of the trade-off between convenience and security: you don't want the bad guys getting in, but at the same time you want it to be easy to use your email and the other services you rely on.

One possible antidote to this unending saga of dealing with hacks - managing the convenience versus security divide - is the use of password manager services. 

WSJ's Geoffrey Fowler had an article that reviewed "1Password, Dashlane, LastPass and PasswordBox", giving the win to Dashlane.

Of course, two-factor authentication, as Olivarez-Giles points out, is a key control that we all need to implement in our lives - especially since many popular services are making it easier to use such a feature. 

The fact that passwords continue to be an issue reminds us that the most challenging aspect of a system is not the technology, but the people who use it.




