Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Pew Research Study Exposes America's Poor Password Hygiene
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
4/4/2017 | 7:55:04 AM
Password hygiene and mindful choices
So I've been thinking about this...

And, okay.  I'm on board with the idea that a lot of this data implies "poor password hygiene," as per the headline, but I'm not on board with the notion that the facts presented in the 2nd paragraph on sharing passwords w/ friends and family members is *necessarily* poor password hygiene.

The question refers to "online accounts".  There's a HUGE difference between telling a casual acquaintance your email or social media password and telling your family members and/or significant other your Netflix or HBOGo password so you can all share and watch video.

There are nearly countless reasons to share certain passwords with trusted loved ones.  Couples may share bill-paying duties, use the same Netflix/HBOGo/other online video accounts, and perhaps may even use the same computer.  I've even known couples to share the same Facebook account and (especially where older/elderly couples are concerned) even email accounts -- even if the account is in only one of their names.

Moreover, what-if plans are commonly in place -- and really should be in place -- for after someone dies.

I mean, sure, sharing passwords willy-nilly is a bad idea.  And yes, sharing passwords at all increases the attack surface.  But mindfully made choices with good reason do not poor password hygiene make.  If we want laypeople to listen to us about good cybersecurity practices, we've got to be less draconian.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/31/2017 | 10:46:22 AM
Re: Americans Divided
"youngeradult"

I see, that would range quite wide, it may even be not senior for that matter. :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/31/2017 | 10:45:01 AM
Re: Americans Divided
"provide good press-release"

I say that is always part of the game. It is always not looking bad.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/31/2017 | 10:43:19 AM
Encryption
As article pointed out most people do not know what it is, it sounds like a name of an Act a government came up with and most think they do not have to know a lot about it, they are not aware of it that it is personal.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/31/2017 | 10:42:45 AM
Re: Sharing Passwords
"Apple cooperated with the Feds"

I hear you. Obviously all does and they can not tell you that they do, it is part of the law, they continue to lie the public that is not a problem. :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/31/2017 | 10:41:25 AM
Re: Sharing Passwords
"...that agreement could end you up in jail. "

I am not up to date on this topic but never heard that somebody went to jail just because they saw patient information, mainly monetary penalty to the institution I would say.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/31/2017 | 10:39:01 AM
Re: Sharing Passwords
"but only had access to "need to know" "

I agree, otherwise you would not be able to do your work. Sometime we take HIPAA too far.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/31/2017 | 10:36:51 AM
Re: Americans Divided
"Study was much broader than password hygiene"

True. It is still stating what is obvious, we do not use strong password and share password among different sites, that is our nature I say. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/31/2017 | 10:34:35 AM
Re: Americans Divided
"Democrats and younger adults tend to support strong encryption"

I am not sure, it depends I would say. There are democrats who are concern not having enough information on our personal lives.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/31/2017 | 10:32:17 AM
Re: Sharing Passwords
"Its astounding the amount of people that share password "

I hear you. And we are asking them to use a strong password, it is just a fun game.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41790
PUBLISHED: 2021-10-21
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.
CVE-2021-41791
PUBLISHED: 2021-10-21
An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on t...
CVE-2021-41792
PUBLISHED: 2021-10-21
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to th...
CVE-2021-23139
PUBLISHED: 2021-10-21
A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
CVE-2021-42011
PUBLISHED: 2021-10-21
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target syste...