This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
The password-changing policy is possibly the worst. It makes no account for employees who actually have strong passwords and also fails to take into account actual risk. That's how you get simple-to-guess/hack passwords.
Not to mention family members and friends who may become aware of their loved ones' passwords in other ways.
I once went on a date with someone who told me that because of her company's onerous password-changing requirements, she always just did a minor variation of the same (easy-to-guess) word.
This is exactly why many security experts today advise what was once taboo advice -- that people write down their passwords, specifically to allow for greater complexity and entropy. Better you write down your password and keep it in a secure place (for instance, not on a sticky note on your computer monitor) and it be super hard to remember than have an easy to remember (and easy to guess/hack) password that you don't write down.
BarbaraJohnson, User Rank: Author 12/12/2015 | 7:22:21 PM
Nice compliation of bad habits and statistics
I especially like "*54% of employees share login information with family members so they can access their computers, smartphones and tablets" It's a good specific point to add into user awareness material.
I bet we're all guilty of something on this list, even those who are pretty good with password security. They're endlessly annoying though. You have to remember them, yet make them complicated and change them regularly. It's such a headache.
The amount of services we all use now too, there's no way to remember everything. But then do you change your password storage login often? If you forget that, the pain-in-the-neck of having to reset everything is ridiculous.
Black Hat USA 2022 Attendee ReportBlack Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
How Enterprises are Developing Secure Applications Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1.
To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.
If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Black Hat USA 2022 Attendee ReportBlack Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Tweet This
0 Comments
