Commentary from the Dow Jones Cybersecurity Newsletter

It seems that Internet billionaires are just like us: they choose terrible passwords and then re-use them across multiple accounts. This week we discovered Facebook CEO Mark Zuckerberg used ‘dadada’ as the password for his LinkedIn, Twitter and Pinterest accounts. Attackers highlighted Zuckerberg’s security shortcomings by hacking the accounts and displaying digital graffiti. Embarrassing certainly, but not damaging.
Others have been less fortunate, suffering compromised accounts and financial loss. Service providers cite password re-use as a major culprit. That’s hardly surprising given that the average person has dozens of accounts to keep secure, many of which are rarely used. A password manager is one solution, but many people fear putting all their eggs in one basket, and such services have been breached before. Two-factor authentication is surely the option that would work best for most users, so why do more people not take advantage of it?
Every data breach, especially the mega-breaches of late, makes cracking the next batch of stolen passwords easier. We cannot rely solely on passwords for security, nor can we blame users for ignoring best practice when it is so impractical. The human mind simply cannot remember multiple unique and complex passwords. The time to reassess authentication is long overdue. Users may have a responsibility to maintain good security hygiene, but service providers have a responsibility to save us from ourselves and deliver better authentication solutions.

**This article was originally published as part of the Dow Jones Cybersecurity Newsletter, a weekly digest of news with commentary and analysis.**