Fresh Thoughts #6: Please. No More Security Soundbites
- Newsletter
When you distil an idea too much, all meaning is lost.
Scrolling through LinkedIn, I came across a new piece of security advice.
“Don't reset your password until your password manager says”. 🤦♂️🤬😱🤯
Time to add it to the list.
- Reset passwords every 90 days
- Don't reset your password until your password manager says it's compromised
- Use MFA
- Use 2FA
- Use 3 random words
- Don't use words from the dictionary
- Use a long string with numbers and funny characters (that's hard to remember)
- Unique password for every system
- Just make sure your email password is unique
- Use passwordless
- Passwordless is just a short-lived password dressed in different clothes
- Use a password manager
- Save passwords to your browser
- Saving passwords to your browser is not secure
- Write passwords down
- Never write a password down
I can just about find coherence in these statements with a pedantic mind, a stiff drink, and an obsessive approach to context. Is it any wonder people are confused?
The problem... security can't be explained in soundbites.
Context is essential. There isn't a one-size-fits for all situations.
The solution?
When everyone is going short. It's time to go long.
Time for a new project - 6,000 words in 6 months: The Definitive Guide to Passwords and Authentication. Not for sales, but to explain conflicting security soundbites.
March 15, 20221 Minutes Read
