Passwords and codes have been a mainstay of security since the dawn of time. Codes to allow you entry to the castle, to prove which side you\u2019re fighting for, to establish membership of your gang at school or to exchange messages with your first loves. Aah. In the modern era, they\u2019ve come to be used to protect access to everything from your take-away account to your fitness tracker, your email, and your money. <\/p>\n\n\n\n
Now, before you all cry out: there are undoubtedly modern improvements for strong authentication \u2013 multi-factor authentication, biometrics, one-time passwords and password-less access can all reduce the risk of a malicious actor finding a static password and gaining access to your systems \u2013 and these should be implemented \u2013 however, passwords are NOT going away just yet in many cases.<\/p>\n\n\n\n
The big problem is we\u2019re human; we like things to be simple and, we have picked up some misguided ideas about the protection we think we need.<\/p>\n\n\n\n
Here are a few common thought processes:<\/p>\n\n\n\n
It’s funny, but there’s an important point here: we have too many passwords \u2013 we’re asked to create them for almost everything, leading to one of the biggest problems; theme and variation.<\/p>\n\n\n\n
So, much of the received wisdom about passwords quickly fall under scrutiny as you can see. In reality, only a few things make any difference:<\/p>\n\n\n\n
One thing we have not addressed is the proliferation of passwords. They\u2019re everywhere and this makes us lazy. We do not ascribe as much importance to our takeaway ordering service as we do to our bank, but research says we’re likely to use the same password. And while the bank may use additional authentication mechanisms to reinforce your password, the takeaway likely will not.<\/p>\n\n\n\n
So, what can we do to reduce this risk? Research says there are two things:<\/p>\n\n\n\n
a. protect your passwords by using one of your trusted authentication mechanisms<\/p>\n\n\n\n
b. reduce the need for you to remember and reuse passwords<\/p>\n\n\n\n
c. encourage you to select strong, unique passwords by generating them for you<\/p>\n\n\n\n
d. assist you in logging in more securely to services which require passwords<\/p>\n\n\n\n
e. check your credentials against known compromises and prompt you to change those which are affected<\/p>\n\n\n\n
Now some of this may seem counterintuitive but let it sink in -the fewer passwords we need and the less human contact we have with them, the better.<\/p>\n\n\n\n
We\u2019ve established that:<\/p>\n\n\n\n
Advice For Admins<\/strong><\/p>\n\n\n\n Advice for Users<\/strong><\/p>\n\n\n\n 1. Rather than using short, visually complex passwords, think of a memorable phrase made up of 2 words or more \u2013 it doesn\u2019t matter how simple it is for you to remember; it\u2019s the number of characters which counts<\/p>\n\n\n\n 2. Don\u2019t include any words or patterns which are associated with your identity or those around you;<\/p>\n\n\n\n a. avoid people, company and place names, ID numbers or job related information<\/p>\n\n\n\n b. avoid repeating characters, words or patterns<\/p>\n\n\n\n 3. Use a password manager \u2013 let it suggest good passwords, let it store them for you but make sure you take the security around the password manager seriously<\/p>\n\n\n\n And a final thought – don\u2019t delay. The measures discussed here may look overwhelming, but many make the end-user experience SIMPLER rather than more challenging, so they will thank you for implementing them. <\/p>\n\n\n\n All the major platform vendors and identity providers have their own feature sets to support these measures so start to look for areas where you can improve identity management and protection, detect risks, enable and encourage better password behaviour and chip away at the problem little by little. You can do it! <\/p>\n","protected":false},"excerpt":{"rendered":" Passwords and codes have been a mainstay of security since the dawn of time. Codes to allow you entry to the castle, to prove which side you\u2019re fighting for, to establish membership of your gang at school or to exchange messages with your first loves. Aah. In the modern era, they\u2019ve come to be used… Continue reading Pass the Passwords to the Left-Hand Side<\/span><\/a><\/p>\n","protected":false},"author":94,"featured_media":6339,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[20],"tags":[],"class_list":["post-6338","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/6338","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/comments?post=6338"}],"version-history":[{"count":1,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/6338\/revisions"}],"predecessor-version":[{"id":6340,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/6338\/revisions\/6340"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media\/6339"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media?parent=6338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/categories?post=6338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/tags?post=6338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}WHAT NEXT?<\/h3>\n\n\n\n