Fresh Thoughts #6: Please. No More Security Soundbites


When you distil an idea too much, all meaning is lost.

Scrolling through LinkedIn, I came across a new piece of security advice.

“Don't reset your password until your password manager says”. 🤦‍♂️🤬😱🤯

Time to add it to the list.

  • Reset passwords every 90 days
  • Don't reset your password until your password manager says it's compromised
  • Use MFA
  • Use 2FA
  • Use 3 random words
  • Don't use words from the dictionary
  • Use a long string with numbers and funny characters (that's hard to remember)
  • Unique password for every system
  • Just make sure your email password is unique
  • Use passwordless
  • Passwordless is just a short-lived password dressed in different clothes
  • Use a password manager
  • Save passwords to your browser
  • Saving passwords to your browser is not secure
  • Write passwords down
  • Never write a password down

I can just about find coherence in these statements with a pedantic mind, a stiff drink, and an obsessive approach to context. Is it any wonder people are confused?

The problem... security can't be explained in soundbites.

Context is essential. There isn't a one-size-fits-all answer for every situation.

The solution?

When everyone is going short, it's time to go long.

Time for a new project - 6,000 words in 6 months: The Definitive Guide to Passwords and Authentication. Not for sales, but to explain conflicting security soundbites.

March 15, 2022