The Black Book of Identity Access Mgmt
    Tuesday, Mar 25, 2014

    Are passwords dead? Still? Really? No kidding?

     

    I'm in a writing group at my library. The group brings their brilliance a couple of times a month and we critique each other, and it's a wonderful thing. Even a part-time novelist like me can always use tips and hints.
    We also trade the wisdom from very successful writers we like. Recently, one of our members brought up something I first heard in high school: never start a story with "the alarm clock rang." It's been DONE. Whatever clever thing you think you're inventing has been done to death. Whenever you think you're being original, try harder. 
    So it's gotten very annoying to read, over and over and over, articles entitled "The password is dead." Everybody thinks they're being clever, apparently. An old friend of mine just gave a talk on "passwords are dead" in the UK. When I heard, I thought, oh crap, him too.
    It's time to move on. In fact, I'm going to provide encouragement here to do so, by summarizing what all these articles say. Save yourself the time. Here we go.
    We get it. Yes, passwords are easy to hack. Keyloggers steal the creds as you use them. Cracking programs figure them out (although a three-strikes-and-you're-out scenario takes care of that). Linked accounts mean a single compromised account can compromise ALL your accounts, including Facebook, Twitter, email, your bank, etc.
    Observe some best practices:
    Get yourself an email account for password resets that isn't your usual one. I have one just for registering for junk that might end up turning into spambot targets. And don't make it first-dot-lastname. Make it something stupid and random.
    Don't use real answers for your security question. Mother's maiden name is a FINE question, as long as the answer you provide is something else entirely. Remember, a 2008 vice-presidential candidate's email got hacked because somebody clicked on Forgot Password and provided the easily-Googled answers.
    Don't use common words, your wife's name, your kid's name, or your favorite sports team as your password.
    Don't keep using the same passwords over and over. When your password expires, don't go back to it. EVER.
    Keep passwords long. Each additional character means another order of magnitude for crackers.
    As an enterprise, consider multi-factor. IP address, device fingerprint, anything at all that can be used in conjunction with credentials is a good thing. 
     
    There, all done. 
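
    For the enterprise side of the list above, here is how the length, common-word, personal-name and never-reuse rules could be enforced at password-change time. This is an added example, not code from the original post; the function names, the 12-character minimum, the small deny-list and the PBKDF2 parameters are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12          # assumed threshold; the post only says "long"
PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch
# Constructed sample deny-list; a real one would be far larger.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}


def _derive(password, salt):
    """Slow salted hash, so a stolen history table is costly to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_record(password):
    """Return (salt, hash) for storage; the plaintext is never kept."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def check_new_password(candidate, history, personal_terms=()):
    """Return a list of rule violations; an empty list means accepted.

    history: every (salt, hash) record the account has ever had.
    personal_terms: names the user should avoid (spouse, child, team).
    """
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains common word")
    if any(term.lower() in lowered for term in personal_terms if term):
        problems.append("contains personal term")
    # Reuse check: re-derive under each old salt, compare in constant time.
    if any(hmac.compare_digest(_derive(candidate, salt), digest)
           for salt, digest in history):
        problems.append("previously used")
    return problems
```

    Because each old password has its own salt, the reuse check has to re-derive the candidate once per history entry; that cost is what lets the system refuse an old password without ever storing it in readable form.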

     

     
