Steve Smith talks about weak passwords, current actions companies are taking, and how your weak passwords lead to future hacks and accounts being compromised.
Episode #6-39 released on June 13, 2016
Millions of accounts have been hacked, and every year millions of users continue to use old passwords, which is dangerous on its own. However, the worst culprits are users with weak passwords. Not just weak, but commonly used weak passwords. People have yet to learn just how careless they are being by using weak passwords. And when other services become compromised as the result of weak passwords, many will blame the service. That ends now.
Databases of passwords online have led to a very particular side effect on the Internet: the ability to see the most commonly used and weakest passwords. The other issue is account hijacking. TeamViewer, as well as many unpublicized web-sites and services, currently seem to be victims of other data breaches. Hackers can then gain access to all your accounts if your passwords are the same everywhere, especially if your email and username are the same everywhere, too.
Microsoft, I, and many other companies and web-sites are now moving towards automatically banning weak and commonly used passwords that have been revealed in leaked databases through the years, in a move to protect the entire Internet as a whole. Your weak password ruins the Internet for everyone; that is not just an opinion, but a fact.
However, it is my opinion, as well as that of others, that 6-8 characters continue to be too weak to defend against brute force attacks on misconfigured web-sites and services. Moving from 8 to 9 characters as a minimum password length makes it harder to crack, and longer passwords are even better.
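As an added example (not code from the episode), here is the kind of server-side check that the automated banning above and the 9-character floor imply: it rejects passwords shorter than 9 characters, and rejects passwords that match, or are trivial variants of, a blocklist of commonly used passwords. The blocklist here is a small constructed sample standing in for a real breach-derived list; the variant handling (case folding, stripping tacked-on digits, undoing common letter substitutions) is my own choice, not a description of any vendor's implementation.

```python
import re

# Constructed sample standing in for a list compiled from leaked databases.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein",
    "iloveyou", "welcome", "dragon", "monkey",
}

MIN_LENGTH = 9  # the episode argues that 8 is no longer enough

# Common substitutions users make to dodge a naive blocklist (assumed set).
LEET_MAP = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i",
                          "3": "e", "4": "a", "5": "s", "7": "t"})


def normalize(password: str) -> str:
    """Reduce a candidate to its base word so trivial variants of a banned
    password (Password1!, p@ssw0rd, 123welcome) are still caught."""
    base = password.lower()
    # drop leading digits and trailing digits/punctuation that users tack on
    base = re.sub(r"^\d+|[^a-z]+$", "", base)
    return base.translate(LEET_MAP)


def check_password(password: str, blocklist=COMMON_PASSWORDS,
                   min_length: int = MIN_LENGTH) -> list[str]:
    """Return the list of rejection reasons; an empty list means accepted."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    base = normalize(password)
    if password.lower() in blocklist or base in blocklist:
        reasons.append("matches a commonly used password or a trivial variant of one")
    elif any(len(w) >= 6 and w in base for w in blocklist):
        reasons.append("contains a commonly used password")
    return reasons


if __name__ == "__main__":
    for candidate in ["qwerty", "P@ssw0rd1!", "Welcome2016!",
                      "mypassword99", "correcthorsebatterystaple"]:
        verdict = check_password(candidate) or ["accepted"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

Longer passwords clear the length floor but still go through the blocklist check, so "Welcome2016!" is rejected despite being 12 characters.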
The other issue is how people currently format their passwords, but as many have previously noted, giving you a trick to create a better password will weaken all the accounts of those who take the same advice. So, for now, while we still have to use passwords until a better option comes around, we should be making our passwords as random as possible, and web-site programmers should open up their code to larger character sets. Activation of two-factor authentication should also become more widespread, and I've gone as far as mandating it as a requirement that cannot be opted out of for newer sites I code.
And I want to leave you all with one thought, because it seems that a lot of people do not comprehend this basic notion. If you lent your keys to a friend, with the address on the keyring, and their house was robbed, then yours, with your key: which lock failed? The same applies to web-sites. If a badly made web-site is hijacked and its database stolen, we can blame them for poor practices. I just don't understand why people also blame companies with good practices when, in those cases, the users are the ones at fault.
Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions