Hey, I know this is a case of the pot calling the kettle black, but at least I learned from my mistakes. There was an interesting article in the NY Times the other day based on a report from Imperva. It seems that despite all of the publicity around ID theft and hacking, a sizable number of people still use ridiculously easy passwords to protect their most valuable information. You know the kind I am talking about. You need a 6 character password and you pick 123456. Is your password – password? Does every single person need to get hacked before they will change? I am afraid so.
The information for the Imperva report came from a posted list of 32 million passwords hacked from a site called RockYou. This is believed to be one of the largest lists of passwords made available to both hackers and researchers outside of the FBI or Homeland Security. It is a fascinating look across a wide swath of what people are doing for passwords.
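The kind of analysis Imperva ran over the RockYou list is easy to reproduce on any plaintext dump, and the same ranking gives you a denylist to reject the worst choices at signup. The script below is an added example, not code from the original post or from Imperva's report; the password dump it contains is a small constructed sample, not RockYou data, and the six character minimum and "seen at least twice" denylist threshold are assumptions chosen for illustration.

```python
"""Frequency analysis of a leaked password list plus a denylist check.

Added example, not from the original post or from Imperva's report. The dump
below is constructed for illustration and is not RockYou data.
"""
from collections import Counter

# Constructed sample of a leaked plaintext password list, one password per line.
SAMPLE_DUMP = """\
123456
password
123456
iloveyou
123456
princess
password
abc123
Tr0ub4dor&3
123456
rockyou
12345678
password
iloveyou
correct horse battery staple
"""

MIN_LENGTH = 6  # assumed policy minimum, like the 6 characters mentioned in the post


def load_passwords(dump_text):
    """Split a plaintext dump into passwords, dropping blank lines."""
    return [line for line in dump_text.splitlines() if line.strip()]


def top_passwords(passwords, n=5):
    """Return the n most common passwords with their counts, most common first."""
    return Counter(passwords).most_common(n)


def share_covered(passwords, n=5):
    """Fraction of all accounts whose password is one of the top-n choices.

    This is the number that matters to an attacker: trying only the top few
    guesses against every account gets into this share of them.
    """
    total = len(passwords)
    covered = sum(count for _, count in top_passwords(passwords, n))
    return covered / total


def build_denylist(passwords, min_count=2):
    """Lower-cased set of passwords seen at least min_count times in the dump.

    The threshold is an assumption; a real deployment would use a much larger
    corpus and typically denylist everything that appears in it at all.
    """
    return {pw.lower() for pw, count in Counter(passwords).items() if count >= min_count}


def check_password(candidate, denylist, min_length=MIN_LENGTH):
    """Return (ok, reason) for a proposed password.

    Rejects anything shorter than min_length and anything found in the
    denylist. The comparison is case-insensitive so 'Password' is caught by a
    denylist entry of 'password'.
    """
    if len(candidate) < min_length:
        return False, "shorter than %d characters" % min_length
    if candidate.lower() in denylist:
        return False, "appears in leaked password list"
    return True, "ok"


if __name__ == "__main__":
    pws = load_passwords(SAMPLE_DUMP)
    for pw, count in top_passwords(pws, 5):
        print("%-30s %d" % (pw, count))
    print("top 3 choices cover %.0f%% of accounts" % (100 * share_covered(pws, 3)))
    deny = build_denylist(pws)
    for candidate in ("12345", "Password", "correct horse battery staple"):
        print(candidate, "->", check_password(candidate, deny))
```

On the constructed sample the three most popular passwords already cover 60% of the accounts, which is the point of the post in one number: an attacker who tries "123456", "password" and "iloveyou" against every account does not need to crack anything. The denylist check is the cheap defensive counterpart, and it is why checking new passwords against leaked corpora is now standard guidance rather than relying on composition rules alone.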
So if no amount of education is going to change this, what should we do? When will we move to keys, tokens or smart cards? It is painfully obvious that there is something about humans and strong passwords that just doesn’t compute. I say stop beating the dead horse here and let's put our efforts into something that has a chance of success.