Comments
'Password' No Longer Worst Password
nickytsme
User Rank: Apprentice
1/21/2014 | 4:36:21 PM
Why people stop at "8"
In your article, you are baffled by why people stop at "12345678" and do not add the 9.  This is because a lot of sites declare that you must have 8 characters in your password.  Therefore, 12345678 meets this requirement, and 123456789 would cause you to waste time typing 9.  
RussellM074
User Rank: Apprentice
1/21/2014 | 4:39:28 PM
Re: Why people stop at "8"
Lock people out after three failed tries.
ChrisMurphy
User Rank: Author
1/22/2014 | 9:15:39 AM
How many passwords?
I have 26 work-related passwords -- some used daily, some used quarterly or less often -- written down on a sheet of paper I keep in my desk. How many passwords do you have to remember to do your job? 
WKash
User Rank: Author
1/22/2014 | 6:31:01 PM
Re: How many passwords?
We use so many cloud and network based systems now, the number of passwords just for work has grown to nearly two dozen. Add the accounts I use for managing my family's personal affairs and devices ("What password did I settle on for the XBox?"), plus media sites for research, social sites, etc., and the number is literally close to 100 sites that have passwords. I need a spreadsheet (encrypted, but probably not unhackable) to keep track of it all. Can't wait till Bill Gates' prediction comes true.
Kristin Burnham
User Rank: Author
1/23/2014 | 8:53:52 PM
Re: How many passwords?
Twenty-six passwords? Yikes. Don't lose that piece of paper!
gasdetectors
User Rank: Apprentice
1/27/2014 | 10:21:15 AM
Re: How many passwords?
Quickly changes password from 123456 to something more apt (joking)
anon5060728762
User Rank: Apprentice
1/21/2014 | 4:38:52 PM
Amazing
That's the same combination I have on my luggage....
PaulS681
User Rank: Ninja
1/21/2014 | 5:57:22 PM
Password
Password should be banned on all systems to use as a password. I tell people to get a little creative. Use numbers or symbols as letters, ex. pa$$w0rd. At least it's different.
RobPreston
User Rank: Author
1/22/2014 | 8:53:58 AM
Re: Password
The problem for users, of course, is remembering their myriad complex passwords. Enter password managers. We offered a nice roundup here: http://www.informationweek.com/security/risk-management/10-top-password-managers/d/d-id/1109759?
Lorna Garey
User Rank: Author
1/21/2014 | 6:06:41 PM
Really?
Honestly, at some point, if you're that dumb and/or lazy, you deserve to be hacked. That goes for enterprises that don't set standards to keep people from using "password" or "12345678."
WillC617
User Rank: Apprentice
1/21/2014 | 6:08:48 PM
Why bother?
When the NSA already has everything it needs. Let's not forget that what the NSA doesn't have, some Russian teenage hacker will get the rest (i.e. Target). Privacy and security is an illusion in the digital age.

 
Kristin Burnham
User Rank: Author
1/21/2014 | 8:16:53 PM
So many password requirements
Most of the websites I visit require a capital letter, a number and a symbol in the password. It's annoying and tedious, but that's also probably why I have yet to be hacked.
SaneIT
IW Pick
User Rank: Ninja
1/22/2014 | 8:45:02 AM
Re: So many password requirements
What we'll see next year is that the most popular password will be 123456A!

When you make password rules too complex people get frustrated and go with the path of least resistance.  There are a few sites that I use who have crazy password requirements and I use them very infrequently.  It seems like I have to send a password reset request every 3-6 months when I need to use the site for something because I can't remember where I put the capital letter, which symbol I used and where the number goes.
Lorna Garey
User Rank: Author
1/22/2014 | 9:39:08 AM
Is it time for IT to mandate password managers?
An officially sanctioned password manager, with training, may be the answer here. Given BYOD and that SSO seems to be a pipe dream, IT has to try something. What's the downside of rolling out a password manager?
Marilyn Cohodas
User Rank: Author
1/22/2014 | 9:54:28 AM
Another way
Check out an idea from cartoonist John Klossner. It might not totally solve your problem, but I guarantee it will put a smile on your face. Cartoon: Forgot Password? Click here.  (Paste url into your browser) 
http://www.informationweek.com/security/identity-and-access-management/cartoon-forgot-password-click-here/d/d-id/1113421?

 :-)
TerryB
User Rank: Ninja
1/22/2014 | 1:24:44 PM
Re: Is it time for IT to mandate password managers?
Paying them? :-)  Or is that a minimum wage job?

I joke but can you imagine the integrity you better have in this person?
Lorna Garey
User Rank: Author
1/22/2014 | 1:40:04 PM
Re: Is it time for IT to mandate password managers?
No, I mean password manager systems like LastPass. We rounded up 10 systems here.

It's a technology problem. Why not use technology to solve it?
TerryB
User Rank: Ninja
1/22/2014 | 1:47:47 PM
Re: Is it time for IT to mandate password managers?
Ah, I got you.

I obviously know nothing about this kind of software, but it seems like it would have to integrate with a lot of stuff to work without an admin, which I was jokingly hinting at. For example, our Active Directory password has to change every 90 days. It would have to capture that to be effective. And remember what previous password(s) were, because sometimes users have an old password cached locally on the PC because they haven't signed on to the domain in a while. This is a particular problem with outside sales guys and people who borrow a loaner laptop/tablet for travel when they have desktops.
Lorna Garey
User Rank: Author
1/22/2014 | 1:52:51 PM
Re: Is it time for IT to mandate password managers?
These systems aren't perfect and won't cover every eventuality, but there are a number of them to choose from. Think about it: If you take a user from having to remember 12 complex passwords to having to remember three or four (the pw manager and noncompatible systems) that's a huge improvement. Plus, some offer niceties like two-factor authentication.

 
TerryB
User Rank: Ninja
1/22/2014 | 2:02:57 PM
Re: Is it time for IT to mandate password managers?
Sounds like I just need a better class of user if you know some that can remember 12. My users just can't even keep up with this one AD password, which automatically syncs with their Lotus Notes account. :-) So the current system is most of them have it written down on their desk somewhere, which is at least effective to keep remote hackers out. And keeping me and my admin resetting passwords frequently.

To make things worse, Corp has recently started a new policy of locking the AD account if you guess wrong 5 times. That's just inspired real joy in the user community. They screwed something up on that policy last week and managed to lock out everyone across the globe who even tried to sign on with the correct password. The next IT satisfaction survey won't be pretty.  :-)

