Passwords, security, and inertia: A toxic brew

I went to a meeting two days ago, hopped onto the guest Wi-Fi in the conference room, and had to enter a password. That password was 0123456789. It's almost too easy for hackers.

Another day, another batch of passwords swiped, or reused for attacks, or leaked out to the public.

Today, it's Yahoo passwords that have been swiped. Best Buy passwords are being reused for attacks. A month ago, LinkedIn had password issues. We've probably missed a few password security fiascos in between those security stops.

In 2009, a Google security wonk noted that passwords are useless, outdated, and a security risk. Fast-forward three years and you can slap an exclamation point on that statement.

Yet. Nothing. Ever. Happens.

The password system just won't die. I went to a meeting two days ago, hopped onto the guest Wi-Fi in the conference room, and had to enter a password. That password was 0123456789. The password should have been "why bother." On the bright side, at least the company didn't use "password" as a password.

You know the drill by now. Users keep similar passwords across accounts to remember them. Number variations are the norm.

The quick solution to this password issue is an account manager. The problem is that these systems create a single point of failure.

But Ryan Naraine said it best: "These password managers are a single point of failure, but it's the best of a terrible world. The alternative is that everyone uses password123 for all sites."

This story originally appeared on ZDNet.

Tags:
Security
Yahoo
About the author

    Larry Dignan is editor in chief of ZDNet and editorial director of CNET's TechRepublic. He has covered the technology and financial-services industries since 1995.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments