Some Different Ideas on Password Security

Quite frankly, a password is not the solution to security. It’s at best a hack (old term) to get by until someone thinks up something workable. The users aren’t wrong to reuse poor passwords. Insecure, yes, but not wrong.

With the vast number of websites people use, it is nearly impossible to have a unique password for each one. Password reuse is simply a natural consequence of using the web.

Complex passwords are hard to remember, and people want ease of use and convenience. Who wants to (or is even able to) remember twenty passwords that look like “sdfgh*7&456#56?7DGBFD”? FAQs about Windows 7 password recovery may result from frequent password changes or complex passwords.

The “secure” alternatives are remembering a ridiculously complex password for every site, using a password management system that more than quadruples the login time for everything, or not logging in anywhere.

And then those get hacked because they were important enough, or the password management system was on their phone and it got compromised, or someone broke the security on a company’s server and got all the passwords, account information, or whatever else you were expecting it to protect, making all that complexity worthless.

Unlike the “install and forget” approach AV provided, password security is an ongoing, constantly time-consuming effort, which gives users a feeling of wasted effort every time this happens. We as an industry are the problem, not the 99.99% of users who don’t follow “proper” security measures. Passing the blame onto the vast majority of people is never a meaningful approach.