Password Fail: Are Your Workers Using 123456? - InformationWeek

Comments
Password Fail: Are Your Workers Using 123456?
PedroGonzales,
User Rank: Ninja
1/20/2015 | 7:09:42 PM
memory classes anyone
So far nothing beats regular passwords. As much as IT staff advises people to manage their passwords better, the same passwords appear over and over again. People just have too many passwords and can't remember all of them. Maybe the solution will be for people to learn how to memorize all these complicated passwords.
jastroff,
User Rank: Ninja
1/21/2015 | 5:20:56 AM
Re: memory classes anyone
I don't think I ever used "password" but I've always been fond of it. I went for the sequence of numbers -- same word, but 1, 2 3...and then I couldn't remember them anyway. Good software, for home or enterprise, makes the person select something that's difficult to break, and therefore impossible to remember, and so it's written down!

On the consumer side, using Dashlane, which synchs between phone/tablet/pc is a wonderful solution. Has anyone been using this in the enterprise space? 
Angelfuego,
User Rank: Ninja
1/21/2015 | 7:14:50 PM
Re: memory classes anyone
@jastroff, I think using your birthday is another bad password. 123abc is risky as well.
SachinEE,
User Rank: Ninja
1/22/2015 | 6:12:58 AM
Re: memory classes anyone
@angelfuego: Having multiple passwords is okay, but maintaining these passwords is difficult. Similarly, most software security people tell us to change passwords every now and then, which is again another problem.
Angelfuego,
User Rank: Ninja
1/27/2015 | 9:13:21 AM
Re: memory classes anyone
@Sachinee, Absolutely! You also have to be careful when you write down your password and where you place the list. Your security can be breached that way as well.
Canamjay,
User Rank: Guru
1/21/2015 | 12:38:50 PM
Re: memory classes anyone
Interesting that this seems to follow the current trend of taking the focus away from site managers' security responsibilities and ... blames the users for security breaches!! Well-known security vulnerabilities have been exploited across a broad spectrum of networks and of course, every time, the user has to change passwords. There would be much better overall security if the IT folks (and the enterprises that employ them) practised proper security methods. It is clear they do not, and software vendors like Oracle are at least equally to blame. Clean up these vulnerabilities and malpractices before leaning on users about their passwords, which are much less often the point of breach. This is one of the worst articles I've read on this subject.
vnewman2,
User Rank: Ninja
1/21/2015 | 1:28:20 PM
Re: memory classes anyone
It would be a whole lot easier if there were one type of naming convention for all passwords and then I could actually remember them, but as it stands, since websites continue to change the requirements (you must have a symbol, a symbol and a number, a symbol, number and capital letter, a symbol, number, capital letter, special character...ugh!!) I have resorted to violating rule #1 of password protection-ness: writing them all down.

I guess I could go back to every website I visit and update all my passwords to be the exact same.  Am I actually going to do that?  No.

I guess I could store them in the cloud somewhere or with one of those fancy password keeper apps, but is that any more secure? What if I forget the password to that site? I'm at a loss. So if someone steals my little Hello Kitty notebook, I'm in big trouble.

 
Stratustician,
User Rank: Ninja
1/21/2015 | 3:20:13 PM
Re: memory classes anyone
Well, single sign-on was really aimed at fixing a lot of the issues, at least for corporate sites. Fewer passwords to remember, and the promise of increased security due to better authentication. That being said, it will never address the real-world realities of every other non-work site and the risks that are inherent. Humans are inherently lazy, and the reality is that this conversation is going to continue way too much longer than we would all like to see it. My bet is the same password, 123456, will top the list again next year!
Angelfuego,
User Rank: Ninja
1/21/2015 | 7:03:58 PM
Re: memory classes anyone
Lol! I cannot believe people are actually using "123456" as their password! I am shocked! It really is not a wise choice, unless you don't mind having your security compromised.
SachinEE,
User Rank: Ninja
1/22/2015 | 6:22:54 AM
Re: memory classes anyone
@Stratustician: Most sites nowadays have a "Login with Facebook" and "Login with Google" as an option present. So if we know both of these passwords we can log in to these sites without creating a profile of our own. These websites simplify things, although I don't know if they are safe when protecting user data is concerned.
Angelfuego,
User Rank: Ninja
1/21/2015 | 7:11:43 PM
Re: memory classes anyone
I sometimes wish that I would take the time to make all of my passwords the same as well. Sometimes the problem for me is that I forget the answer to some of my security questions. I obviously remember the answers to the questions regarding the middle names of my parents, but I forgot the answers to the questions that ask what is my favorite movie or favorite food. I came across this issue when I was trying to change one of my passwords recently.
SachinEE,
User Rank: Ninja
1/22/2015 | 6:20:04 AM
Re: memory classes anyone
@angelfuego: You can maintain an Excel document on your workstation that has all the websites along with the passwords of those websites and you can also lock that particular document so that it is difficult to hack it. Once you make the document you can ease yourself and even if you forget, you would still be having the password list on your station. Pretty neat, I would say.
vnewman2,
User Rank: Ninja
1/22/2015 | 11:47:51 AM
Re: memory classes anyone
@SachinEE - This is what I do actually, not because I feel it's the most secure way, but because it is the easiest way for me to retrieve it.  

I just feel like I would be better served if these sites would stop trying to protect me from myself and allow me to decide the level of security I need. Kind of how you can choose to opt in to two-step authentication if you want, which for certain sites I do. But if there's a site where I have no personal information like bank info, credit cards, SSN, etc. stored, I don't really care if someone hacks it. You could go through my garbage and get my home address. Without the other stuff, it will do you no good. So on sites like those, just let me keep my old 8 character, alpha-only password please.
vnewman2,
User Rank: Ninja
1/22/2015 | 3:10:28 PM
Re: memory classes anyone
Oh for heaven's sake I just tried to use one of my 30 usual passwords to make an account on BestBuy.com and NONE of them were "strong enough" - This is the message I received:

Account security is becoming more and more important all the time. And in order to keep your account safe, we need your help. We know that creating a strong and unique password might not be easy, but it can be fun. Try using an inside joke, a rhyme, or a reference to something only you would know.

Examples: "Banana is a color?" or "Cats are not hats"

So, my password is "THIS IS STUPID" - spaces and all.   :)

Joe Stanganelli,
User Rank: Author
1/25/2015 | 7:26:58 PM
Re: memory classes anyone
Re: "Cats are not hats"


I beg to differ.  www1.pictures.stylebistro.com/mp/x5iDv6ulAM2l.jpg

 

 
vnewman2,
User Rank: Ninja
1/26/2015 | 2:40:48 PM
Re: memory classes anyone
@JoeStranganelli - Clearly the folks at Best Buy don't frequent stuffonmycat.com

 
Joe Stanganelli,
User Rank: Author
1/26/2015 | 9:29:03 PM
Re: memory classes anyone
@vnewman2: It's been made into a book, too!
Angelfuego,
User Rank: Ninja
1/27/2015 | 9:43:45 AM
Re: memory classes anyone
@Sachinee, I suppose the Excel document suggestion is one way.
MemphisITDude,
User Rank: Strategist
1/21/2015 | 11:28:14 AM
Is this survey using old data?
"I always set my password to 'incorrect' so when I forget what it is, the computer tells me!"

But seriously, none of the "worst passwords of 2014" depicted seem to meet modern complexity requirements? Most every site I use requires a more complex password; what Web sites still accept 123456?
Whoopty,
User Rank: Ninja
1/21/2015 | 12:40:32 PM
Get over the hump
The problem lies mostly with the perception that saving a bunch of different passwords is going to be a real pain. Of course it's a bit slower using some password saving software, but ultimately once you've begun doing it, having customised passwords for the 30 or so sites and services you use that require them is well worth it.

Then you just have to come up with a good master password. 
impactnow,
User Rank: Author
1/23/2015 | 12:08:33 PM
Password standards

The password issue is huge and only getting worse because there are few uniform standards. Every website is different and it forces users to try to come up with a methodology for remembering all these unique site based requirements. If there was a uniform standard that was adopted it would make the password issue less impactful. In the last week alone I ran into a website that required 4 digit numbers only, one that required an 8 character password with at least one number and one upper case character, one that required a picture tag and a six digit password, and one that required your new password not be the same as your previous four passwords. Is anyone else screaming in terror yet?

vnewman2,
User Rank: Ninja
1/26/2015 | 2:48:54 PM
Re: Password standards
@impactnow "In the last week alone I ran into a website that required 4 digit numbers only, one that required an 8 character password with at least one number and one upper case character, one that required a picture tag and a six digit password, and one that required your new password not be the same as your previous four passwords. Is anyone else screaming in terror yet?"

Yes.  It is maddening and a huge timesuck.  I used to be able to choose from a handful of potential passwords in my head before every website came up with some sort of random naming convention of their own - now I either have to look it up on my spreadsheet or play the "forgot password" game.
Kelly22,
User Rank: Strategist
1/26/2015 | 4:44:44 PM
Re: Password standards
I feel the same exact way. Every time I sign up for something now, my password has to have special characters, numbers, upper and lowercase letters, a picture... it doesn't end! I get that it's for security purposes, but I end up clicking "forgot password" a lot more than I used to.
Joe Stanganelli,
User Rank: Author
1/26/2015 | 9:28:07 PM
Re: Password standards
I can't even remember the last time I remembered one of my particular passwords -- let alone what the password itself is (or, for that matter, ever was).  Now I just don't do anything on that website anymore because I got tired of resetting my password and promptly forgetting the new one.
impactnow,
User Rank: Author
1/26/2015 | 9:29:13 PM
Re: Password standards

I agree, "forgot" has become my standard since so many of the password standards are maddening. One particular company has actually driven me to my phone to pay my bill because it is so maddening!

Joe Stanganelli,
User Rank: Author
1/25/2015 | 7:29:30 PM
Human passwords
Even better human-made passwords are still easily hackable because humans tend to pick predictably patterned passwords.  Some of the best passwords tend to be lengthy and computer generated.  Of course, they're also difficult to remember -- which is why several top security experts these days actually advocate for (not against!) writing down your password...so as to better enable more complex passwords.

Of course, don't write your password on a Post-It that's stuck to your computer monitor...

