This is getting silly. We're all familiar with password complexity rules intended to help us create "strong" passwords that are harder to crack. Those of us who have been paying attention will know that the real outcome of this approach is to create passwords that are surprisingly easy for computers to crack but really hard … Continue reading Oh for Pete’s sake (passwords again)!
I’ve said before that much of your risk is internal. Here’s another piece of evidence: a survey by SailPoint found that 27% of US employees would sell their work password for as little as $150. But of course it goes further than that. If they’ll sell their password, what else will they do? Will they … Continue reading Some people would sell their grandmothers
Here’s a thing: all software vendors and all websites assume they’re at the centre of your universe. Most of them are wrong. Why do I say this? Because they make it so astonishingly difficult to use their products and services infrequently. Observation 1: software updates. If you use a given computer, or other device, every day then … Continue reading The agonising problem of infrequency
A training provider we use recently posted this. The executive summary is: "Use a 9-character password with upper- and lower-case text, numbers and symbols and your password will be 'unhackable'". According to the author, it would take about 45,000 years to hack using a brute force tool. Unfortunately, this is plain wrong. Brute force hacking … Continue reading Why can’t people get the message about passphrases?