No, really. I hate them. Why? Because they provide a false sense of security. Don’t get me wrong… in the absence of all other security measures, passwords are slightly better than nothing. Like, shutting your front door is better than leaving it wide open, but not as good as locking the door, and having motion detectors on your outside lights, and having an alarm system, and locking up your valuables in a safe. Having passwords is SLIGHTLY better than nothing.
So why do we ask people to have passwords at all? Well, sometimes the law requires it. Sometimes, that’s all we’ve got.
But is that enough for me to hate passwords? No. The reason I hate passwords is that people behave as if having a password protects them from everything. It provides a false sense of security for those who know nothing about security. It allows people to think that if they put their data somewhere “in the cloud” that it’s safe. Because they have a strong password.
Here’s a good example of the general user understanding of password management: http://www.youtube.com/watch?v=qz5i171h_no
No. No. Just No. Don’t just “change the S to a dollar sign”. Really? This is the best you’ve got, CNN?
Passwords, in the beginning, were not designed to be an anti-theft device. They were used for YOU, to prove that YOU are who YOU say you are. That’s all. But if someone else knows your password, no matter how many weird characters you use, they can pretend to be you. Kind of like Tom Cruise wearing cool masks in “Mission Impossible”. Passwords are a key to door. Not a lock. Somehow, over time, people have begun to think of them like a lock to be opened – and they are about as user-friendly as a lock. And, just like your keys, it’s pretty easy to lose your password.
So if you can’t help but lose your password, then what can you do? Changing the password more often is an answer, but not the best answer, and not the only answer. This is one reason why we’ve gone to #password180 here at the university. Instead, consider 2 factor authentication for access to critical systems, including your iCloud storage, and your email. Consider removing sensitive data from your systems as soon as you’re finished with it. Consider learning more about the security practices of your IT support groups (including vendors) before you share your important data with them. Consider not auto-forwarding your email. Consider talking to your friendly security professional and asking for advice.
And when you’re all done with this, turn on your outside lights, lock your door, and arm your security system.
You’ll sleep much better.