Worst passwords list is out, but this time we’re not scolding users

What a wonderful thought and a great step in the right direction – let’s deny the use of the 10,000 worst passwords.  I am being serious, as is this article.  It is time to stop simply laughing at the poor decisions of our end users and begin to build controls and limitations on poor password decisions.  It is time to mandate better credentials – passphrases, multi-factor authentication requirements, and proper password management tools.  It is time for webmasters and sysadmins to pick up the torch of password security and quit bending to the whim of a lowest-common-denominator approach to end user management.


Terrible passwords outlawed in Microsoft’s new Azure tool

Kudos to Microsoft for heading down this path and taking one more step closer to better password security.  It is still not a perfect-world scenario, but it is better than the basic controls inherent to the OS.


Password Reuse Abounds, New Survey Shows

So many words to describe the statistics shared in this article – sad, depressing, pathetic, lazy… did I mention sad and depressing?  There really is no reason for this.  Strong, safe, effective password managers exist.  They are free or cost-effective.  They are easy to use.  They truly save time and money.  We really have no good excuse to be in this situation.


LastPass doubles price of its Premium plan, removes features from its free service tier

I am a firm believer that a good password manager should be an essential part of every person’s security toolbox.  LastPass has been a strong player in this space for some time and has built a strong user base through the availability of a feature-rich free version of the product.  These changes in the LastPass pricing structure may cause some to pause when looking at the product, but they should not cause anyone to walk away from the value of sound password management.


Zomato Hacked! Database of 17 Million Users Stolen

As this article states, the biggest challenge in a breach like this is the fact that so many users reuse the same usernames and passwords across a large portion of their online accounts.  If you are a user of this service, you have already been forced to change your password.  Take this breach as a warning not to replicate the same credentials all over the internet.  Use a password manager.  Use unique passwords.


No more pointless password requirements

This is exciting news and a very smart, practical move by the team at NIST.  Length of passwords trumps complexity in most situations when an end user is left to his or her own devices.  I am glad to see these changes and encourage all administrators and IT security professionals to use these changes as an opportunity to better educate end users in the proper setup and usage of passwords.
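The two controls discussed above, a denylist of the worst passwords and a length floor with no composition rules, fit together in one check.  The following is an added example, not code from Microsoft, NIST or any article linked here; the six denylist entries, the substitution table and the suffix-stripping rules are constructed assumptions standing in for a real breach-derived list.

```python
import string
import unicodedata

# Constructed sample denylist; a real deployment loads a large breach-derived
# list (the "10,000 worst passwords" above), not these six entries.
BANNED_SAMPLE = {"password", "12345678", "qwertyuiop", "letmein", "iloveyou", "football"}

# Assumed substitution table: characters users commonly swap in to dress up
# a banned word ("P@ssw0rd") while keeping it memorable.
_SUBSTITUTIONS = str.maketrans(
    {"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t"}
)


def candidate_forms(password: str) -> set:
    """Return the normalised forms of a password that get compared to the denylist.

    'P@ssw0rd2017!' yields, among others, 'password', so the dressed-up
    variant is rejected along with the bare banned word."""
    base = unicodedata.normalize("NFKC", password).lower()
    no_punct = base.rstrip(string.punctuation)  # 'password2017!' -> 'password2017'
    no_suffix = no_punct.rstrip(string.digits)  # 'password2017'  -> 'password'
    forms = {f for f in (base, no_punct, no_suffix) if f}
    return forms | {f.translate(_SUBSTITUTIONS) for f in forms}


def evaluate_password(password: str, banned=BANNED_SAMPLE, min_length: int = 8) -> tuple:
    """Length floor plus denylist match, no character-class requirements.

    Returns (accepted, reason)."""
    if len(password) < min_length:
        return False, "shorter than %d characters" % min_length
    if candidate_forms(password) & banned:
        return False, "matches a banned password after normalisation"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("P@ssw0rd2017!", "12345678!", "correct horse battery staple", "Qwerty1"):
        print(repr(pw), evaluate_password(pw))
```

Because the length floor is the only structural rule, a long passphrase passes while a short "complex" string does not, which is the trade the NIST change makes.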


Is Fingerprint Authentication Making The Password Problem Worse?

This article explains many of the pros and cons of biometrics in terms of replacing passwords and the fact that everyone still needs to have a strong password management strategy.  Biometric controls are a good addition to credentials management, but they are not a single definitive solution to all sign-on needs.