This is an interesting admission by the team at Google. Though they have not confirmed the number of affected enterprise customers, I know of at least one local organization that was contacted by Google concerning this unintentional data leak. Fortunately, that organization had ceased using the service some time ago.
It does appear that Google has remediated the problem. That said, any potentially affected organization should address password reuse and other related opportunities to mitigate the risk.
Though many like to pretend that the debate is still alive and relevant, I tend to agree with the authors of this post from KnowBe4 – the 8-character password is dead. It has honestly been dead for some time. We need to move forward and consider stronger, more effective and memorable pass-phrases combined with multi-factor authentication options whenever available.
The NIST standard of “complex” 8-character passwords is mentioned in this post, but it is also worth mentioning that even NIST has recognized it is time to move beyond that standard. New, revised standards are coming that involve less password rotation and longer pass-phrases.
These steps are honestly not hard and they will keep your data safer than the good ol’ days of “Petsname123”.
So many words to describe the statistics shared in this article – sad, depressing, pathetic, lazy… did I mention sad and depressing? There really is no reason for this. Strong, safe, effective password managers exist. They are free or cost-effective. They are easy to use. They truly save time and money. We really have no good excuse to be in this situation.
This is a good, straightforward video clip with sound advice on password and passphrase creation. Enjoy!
This is exciting news and a very smart, practical move by the team at NIST. Length of passwords trumps complexity in most situations when an end user is left to his or her own devices. I am glad to see these changes and encourage all administrators and IT security professionals to use these changes as an opportunity to better educate end users in the proper setup and usage of passwords.