Common Passwords, what is all the fuss about?

If you are like me, you often notice how frequently articles appear about password strength, passwords that are too easy, and common passwords. I have been guilty of joining the fray and adding my own pennyworth of wisdom.

Just like this article.

I prefer to avoid thinking like the crowd, and seldom succeed, so my thoughts wandered to the need for passwords when the service we are using has a lower value. Think about it: there are sites and services we sign up for that often ask us for a password, and we do not wish to use our best special words on them.

Most individuals are not fools; they may not be internet security experts, yet they manage a modest level of sophistication in the password decisions they make. Let us consider a couple of scenarios ...

This site is giving me free stuff - yet they want my email and a password. As we often associate the same email address with many accounts, it is a fool's errand to use the same password for our email and for the site. Some do, but they are a small number; attacks like Oleg Pliss only expose a small percentage of actual users in this manner, which means that the majority are actually quite secure.

I want the free stuff - be it community membership, an online course or access to something I want to download. It may be access to WiFi or a discount for coffee - who knows. But I do not want them to have my cherished access.

So, the easy and most obvious solution is to have a password that has no value yet meets the need for an assumed level of security. One capital, one number and one hieroglyph from a lost dynasty.

Who knows … Pa55word may do?

We are sharing something - as a communal species, we may share stuff that we acquire. With friends, family or Tiddles the cat, this is normal. What level of password must we have for this, and how would we manage it? The reality is that there has to be a shared secret that is secret but not too complex. Complexity is a pain; the sharing may be generational, with grandparents as well as younger offspring all having access. I am sure this is happening with various video streaming services.

Again, you do not want to use the same password as the password for your email or your online banking, but you do want something that can be easily recalled (or guessed) by those who know you yet pass a modest strength test.

Who knows ... StarWar5 may be of some use?

As a final word …
It is easy to pillory people for their choice of password; it is smarter to think about how you and I actually use them and how we value the services we are obtaining by virtue of the passwords we use.

