12 September 2014

Passing comment on passwords

In the last few weeks passwords have been making headlines for all the wrong reasons. The leaked compromising photos of Jennifer Lawrence and other celebrities were front page news, after they apparently fell fowl of having ‘weak’ passwords to protect their iCloud accounts. This news has prompted an outpouring of advice from experts, telling people how to go about creating ‘strong’ passwords. In contrast The Register published a story in which Dinei Florencio and Cormac Herley rubbish the very concept strong passwords

Last week Google announced an update to its password generator that creates passwords for you and this may prove to be very useful , given that Wednesday it was reported that five million Google passwords have been leaked on Russian cybercrime forums.

Meanwhile, Yahoo has shared the 500 password that you should not use (take a look and see if you have any of them. In contrast an article published by PC Magazine suggests that: “There are safe and secure ways to share passwords, and as long as you're doing it properly, it's a perfectly acceptable practice.” I would argue that the exact opposite is true. A password is a secret!

There is certainly a lot of mixed messages and advice but the cold hard truth is that passwords are not secure, and even if you are diligent and try to make a password as complicate as possible it is still vulnerable, as a story published on Tuesday by The Daily Mail highlights. The cybercrime attack involved people are being sent an email invoice regarding the upcoming Peter Pan pantomime in Bournemouth. When the recipient clicks on the message it installs a virus that could potentially steal passwords and other information.

As I have said before a password is supposed to be a secret. But a secret is no longer a secret if you tell someone, write or type it, if you are overheard (literally or virtually) saying it, or it is stolen, and this makes the things we use passwords to safeguard vulnerable to those who want to exploit or extort us.

This week I would like to leave you with a comment from Eugene Kim published by Business Insider in which he says “If there’s anything good that came out of last week’s iCloud leak, it’s that more people are aware of two-factor authentication now.” I couldn’t agree more, but I would suggest taking a close look at PINgrid!

Author: Alissa Lang, Winfrasoft

No comments:

Post a Comment