Tuesday, August 21, 2012

Password Security

Ars Technica has an excellent article on the state of password security. It used to be that if you had a password with a mix of lower and upper case letters that was at least eight or nine characters long, you were pretty secure. However, over the past several years, the art and science of password cracking has changed considerably. The bottom line is that you and your organization may be more at risk than you think. If your passwords aren't at least 13 characters long, you're not using randomly generated passwords for sensitive accounts and information, and you don't know what KeePass or Password Safe are, be sure to read the article.



Anonymous Thoughtful said...

I think one of the other issues with the current state of password security is the restrictions that some sites place on passwords. For example, some sites will say your password must not be longer than, say, 10 characters and can only be letters and numbers. This instantly makes the password much, much more vulnerable.

I think NGOs can be particularly guilty of this. Often NGOs deal with sensitive information, whether that is beneficiary lists, security incidents, or HR files. These are often placed in forums, wikis, or other online depositories. Then you have the options to make a limited password or, worse, a simple generic password is given to everyone.

I think there need to be improvements on not only the side of everyday users - with better, random and unique site passwords - but also on the side of websites to allow users to have these better, random and unique passwords.

9:48 AM  
