Each year on the first Thursday in May, World Password Day is meant to serve as a reminder of the importance of good password hygiene. It is a holiday that Mark Burnett first recommended in his book, Perfect Password: Selection, Protection, Authentication. Eight years later, Intel officially recommended that the first Thursday in May be designated as World Password Day and it has been observed ever since!
Last month, I highlighted a topic about how some of tech’s biggest names want a future without passwords in an edition of the Snap! As you might imagine, it was debated in the responses. In fact, freakoutadams made a great point:
“Exactly, passwordless just means authentication and authorization done by means other than a punched-in passphrase and could take into account regular business hours and typical duties, preventing a bad actor from trying to impersonate you at 3am across the globe. But that leads more into zero trust territory, though the two would complement each other well.”
While writing this, I did a little searching and came up with some interesting stats that are being referenced across the internet.
54% of all employees reuse passwords across multiple work accounts (Yubico)
“123456” is the most common password in the world (NordPass)
51% of people have the same password for their work and personal accounts (Dataprot)
Over 80% of data breaches are due to poor password security (Idagent)
65% of people don’t trust password managers (Password Manager)
42% of organizations rely on sticky notes for password management (Ponemon)
Will we see a “passwordless” future? Possibly but I feel it is safe to say we’re not going to see that as a standard in the next few months. So what do we do in the meanwhile to help make the internet and the users you support a bit safer? And don't forget that device security starts with you (sad but true, I wished I had a Smokey the Bear hat when I wrote that). It's not just the need for solid passwords and improved cybersecurity that is absolutely critical but also educating your users. Are you doing anything today to help bring awareness to this holiday and inform your users on what they should be doing?
Password management solutions have saved me a lot of time and effort, alerted me to breaches and helped me pick stronger passwords.
Passwords are like underwear.......
The consensus is that you don't need to change them anymore?
"You may have heard that Microsoft changed their guidance on password expiration policies. On May 23, 2019, they released a blog post explaining their decisions.
As cybersecurity experts already know, the average human has a password that is easy to type and therefore, easy for a computer to guess. And forcing them to change the password every few months doesn’t change the fact that their password is easy to guess. Modern computers can brute force an eight-character alphanumeric password in hours. Changing one or two characters in that eight-character password isn’t going to make it any harder."
They look better on the bedroom floor? though i am not a fan of endless amounts of pieces of paper strewn about the place.
Passwords are like underwear, they keep my private stuff hidden.
Passwords are like underwear, they are restrictive and make me uncomfortable.
Passwords are like underwear, it sucks when you use the wrong one.
Passwords are like underwear, you should never share them with your significant other.
Passwords are like underwear, you shouldn't leave them lying around for everyone to see.
Passwords are like underwear, you shouldn't use the same one for everything.
That's all I have for now, I'll come back if I think of some others.
Wait one more. Chuck Norris doesn't use passwords, he WANTS you to try and take his stuff!
My favorite line would be from Big Hero 6.
Passwords are like underwear.....
"I wear 'em front. I wear 'em back. I go inside out. Then I go front and back."
Was one of my favorite lines he wrote.
A password is still a critical part of the security trifecta: what you are, what you have, what you know. 2FA is better that any single part, 3FA is best. All 3 parts are circumventable, and it's even been proven time and again that 2FA can be bypassed. I'm sure that 3FA can also be bypassed, but it's the most secure we've got without going disconnected.
Passwords won't ever go away in my opinion. We'll have easier methods of logging into things but there will always be a password somewhere under the added layers haha.
Somehow I missed this until just now but apparently, our very own Peter (Spiceworks) had a great quote about World Password Day in the article "Get Expert Advice During World Password Day 2022" on VMBlog:
"The pandemic-driven shift to remote work made it common for corporate devices to operate from insecure home environments. Increasingly, to add additional layers of security, businesses are turning to multi-factor authentication, in addition to passwords. SWZD’s State of IT report revealed that plans to use hardware-based authentication jumped from 54% of businesses in 2020 to 68% in 2022. Additionally, plans to adopt biometric authentication grew from 39% of businesses in 2020 to 46% in 2022."
A lot of other great thoughts on this in the whole article if anyone wants to read it:
https://vmblog.com/archive/2022/05/05/get-expert-advice-during-world-password-day-2022.aspx
Too many legacy systems cause issues with passwords.
Too many legacy systems cause issues with passwords.
Exactly this. I work with state government systems whose regular Web coding is still something out of 2003.
I'm still amazed that my passwords aren't LIMITED to 8 characters!
Will we see a “passwordless” future?
We've recommendations in our field guide on posing questions. At the bottom of its web page, there are further recommendations for posing good questions. As far as I remember, they recommend a to pose questions more openly.
Asking if the future of authentication will be without passwords falls short of options. There may be organizations sticking with passwords as only option of authentication. But due to public regulation, they'll be required to use other forms of authentication if they want to continue using specific regulated services (e.g. some banking services) and may even be forced to use such services (e.g. tax declarations), even if they don't use that level of authentication within their organization. There exist options of MFA which include a password option. So asking about a future without passwords will limit the options for MFA too. It would be more interesting to know how many solutions we use that require authentication, how many of them use passwords as only form of authentication, how many use 2FA, how many use MFA, how many of the 2FA and MFA use cases continue with passwords while how many of these get rid of passwords. Such a question would give a broader view.
And don't forget, one time passwords (OTP) are passwords too. They may have also a time limited validity. They are often used in the context of first authentication and request the user to create either a new password or configure alternate authentication options. Nevertheless, they're still passwords.
And I missed the section announcing when will Spiceworks implement MFA for which of its tools as requested in several feature requests.
Your daily dose of tech news, in brief. Way back on this day in 1995, Spyglass went public. Not sure who they were? Spyglass was founded by students at the Illinois Supercomputing Center, which also inspired Netscape Communications Corp, and they (...
June 30th is work from home day and in this new age of working from home, many people only interact with their coworkers in virtual ways, particularly if they assumed their role mid-pandemic. In fact, bizarre as it may seem, some people have never met th...
Today is my last day at my current job. The company interviewed several candidates and picked the best one they could find. I had no input in this process. Not a big deal. The new guy started yesterday, and we walked through the 4 properties I manage, and...
Hi, I have a Windows Server 2016 Datacenter Version 1607 build 14393.5192 server as a Hyper-V guest OS running remote desktop services that a few users access from home to access local services while off site.I am currently having an issue where Edge is u...
Welcome to another new week. Here is another bundle of fun stuff to get your week off to a good start. Remember to click that Spice button! Today in History: 27th June 2017 – NotPetya Malware knocks out syst...
