Password Fail: Are Your Workers Using 123456? - InformationWeek

impactnow
User Rank: Author
1/23/2015 | 12:08:33 PM
Password standards

The password issue is huge and only getting worse because there are few uniform standards. Every website is different and it forces users to try to come up with a methodology for remembering all these unique site-based requirements. If there was a uniform standard that was adopted, it would make the password issue less impactful. In the last week alone I ran into a website that required 4-digit numbers only, one that required an 8-character password with at least one number and one upper case character, one that required a picture tag and a six-digit password, and one that required your new password not be the same as your previous four passwords. Is anyone else screaming in terror yet?

vnewman2
User Rank: Ninja
1/22/2015 | 3:10:28 PM
Re: memory classes anyone
Oh for heaven's sake I just tried to use one of my 30 usual passwords to make an account on BestBuy.com and NONE of them were "strong enough" - This is the message I received:

Account security is becoming more and more important all the time. And in order to keep your account safe, we need your help. We know that creating a strong and unique password might not be easy, but it can be fun. Try using an inside joke, a rhyme, or a reference to something only you would know.

Examples: "Banana is a color?" or "Cats are not hats"

So, my password is "THIS IS STUPID" - spaces and all.   :)

vnewman2
User Rank: Ninja
1/22/2015 | 11:47:51 AM
Re: memory classes anyone
@SachinEE - This is what I do actually, not because I feel it's the most secure way, but because it is the easiest way for me to retrieve it.  

I just feel like I would be better served if these sites would stop trying to protect me from myself and allow me to decide the level of security I need. Kind of how you can choose to opt in to two-step authentication if you want, which for certain sites I do. But if there's a site where I have no personal information like bank info, credit cards, SSN, etc. stored, I don't really care if someone hacks it. You could go through my garbage and get my home address. Without the other stuff, it will do you no good. So on sites like those, just let me keep my old 8-character, alpha-only password please.
SachinEE
User Rank: Ninja
1/22/2015 | 6:22:54 AM
Re: memory classes anyone
@Stratustician: Most sites nowadays have a "Login with Facebook" and "Login with Google" as an option present. So if we know both of these passwords we can log in to these sites without creating a profile of our own. These websites simplify things, although I don't know if they are safe when protecting user data is concerned.
SachinEE
User Rank: Ninja
1/22/2015 | 6:20:04 AM
Re: memory classes anyone
@angelfuego: You can maintain an Excel document on your workstation that has all the websites along with the passwords of those websites and you can also lock that particular document so that it is difficult to hack it. Once you make the document you can ease yourself and even if you forget, you would still have the password list on your station. Pretty neat, I would say.
SachinEE
User Rank: Ninja
1/22/2015 | 6:12:58 AM
Re: memory classes anyone
@angelfuego: Having multiple passwords is okay but maintaining these passwords is difficult. Similarly, most software security people say to change passwords every now and then, which is again another problem.
Angelfuego
User Rank: Ninja
1/21/2015 | 7:14:50 PM
Re: memory classes anyone
@jastroff, I think using your birthday is another bad password. 123abc is risky as well.
Angelfuego
User Rank: Ninja
1/21/2015 | 7:11:43 PM
Re: memory classes anyone
I sometimes wish that I would take the time to make all of my passwords the same as well. Sometimes the problem for me is that I forget the answer to some of my security questions. I obviously remember the answers to the questions regarding the middle names of my parents, but I forgot the answers to the questions that ask what is my favorite movie or favorite food. I came across this issue when I was trying to change one of my passwords recently.
Angelfuego
User Rank: Ninja
1/21/2015 | 7:03:58 PM
Re: memory classes anyone
Lol! I cannot believe people are actually using "123456" as their password! I am shocked! It really is not a wise choice, unless you don't mind having your security compromised.
Stratustician
User Rank: Ninja
1/21/2015 | 3:20:13 PM
Re: memory classes anyone
Well, single sign-on was really aimed at fixing a lot of the issues, at least for corporate sites. Less passwords to remember, and the promise of increased security due to better authentication. That being said, it will never address the real-world realities of every other non-work site and the risks that are inherent. Humans are inherently lazy, and the reality is that this conversation is going to continue way too much longer than we would all like to see it. My bet is the same password, 123456, will top the list again next year!