Jump to content

World Password Day Must Die


NewTricks

Recommended Posts

From our very own blog: World Password Day Must Die

The existence of World Password Day is a symptom of two problems.

The first is that password authentication is a terrible design. Its success hinges on humans being good at something humans are really bad at: Creating and remembering long strings of random characters.

The second problem is that for too long we made passwords a problem for users to solve instead a problem for IT or security.

Read in its entirety.

Link to post
Share on other sites

  • Root Admin
Quote

Forcing people to create passwords to a formula, insisting on at least one uppercase letter, at least one special character etc, is out. And so are periodic password resets. Both are far more effective at annoying users than they are at improving security.

Pet peeve I've complained about for probably twenty years now.

National Institute of Standards and Technology - NIST made recommendations years ago saying this practice should be stopped, but to this day most IT Departments still force users to change their password on a fixed amount of days cycle such as every 90, 180 days.

 

Link to post
Share on other sites

 

7 minutes ago, AdvancedSetup said:

The one and only password tip you need

If you have a choice, the best form of 2FA is a password and hardware key, but you’ll need to buy a hardware key. They are worth the small investment and not nearly as intimidating as they can seem. 

And from Mark's post today:

Many users simply don't trust password managers, and unless you've sat with somebody using one for the first time, you may not appreciate how difficult it can be for people to make sense of them. (Tried and failed the first time-but gearing up for another round)

 

 

Link to post
Share on other sites

  • Root Admin

Yes, for some people I can see they might not be quite as straight forward to use, but once you do get used to them it's difficult to do without them.

I've been using Keepass probably since about one or two years after they created it. Not for everyone, but I think it's fantastic

https://keepass.info/

https://en.wikipedia.org/wiki/KeePass

 

Link to post
Share on other sites

  • Root Admin

I don't sync anything to any other device but that is me being strict and not trusting the process. I'm at home 99.9% of the time and have no need to share or sync but many others do have those type of needs.

The actual database for your password manager is the only thing synced with them.

 

Edited by AdvancedSetup
Updated information
  • Like 1
  • Thanks 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.