Barney's Blog

Blog archive

Failing Passwords

I think we all know most passwords are far too weak. So it is no real surprise that a report from Trustwave reached the same conclusion. In fact, many passwords are still PASSWORD, or the word with a number or two afterwards. This is what Verizon always used whenever I had to debug my DSL connection, which happened more often than a Brett Favre interception.

Even worse, these are often administrator passwords! Ouch.

Here's why so many passwords are so darn weak. Keeping up with a wealth of complex (but safe) passwords is a nightmare. How often have you tried to get into a system and the password you thought worked doesn't? And how do you keep track of all these various iterations, all the user names (which need to be complex because all the good ones are taken) and the accompanying passwords? Do you have them all written down? How secure is that?

The answer was always said to be single-sign on, but I have yet to see a system that singly signs on to enough to make it worthwhile.

What is your solution? Hopefully you'll send news I can use to dbarney@redmondmag.com.

Posted by Doug Barney on 03/16/2012 at 1:19 PM


Featured

  • Azure Active Directory Connect Preview Adds Support for Disconnected AD Forests

    Microsoft on Thursday announced a preview of a new "Cloud Provisioning" feature for the Azure Active Directory Connect service that promises to bring together scattered Active Directory "forests."

  • Microsoft Defender ATP Gets macOS Investigation Support

    The endpoint and detection response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices.

  • How To Block Self-Service Purchasing in Microsoft's Power Platform

    Microsoft threw Office 365 admins a bone when it gave them the ability to block users from purchasing Power Platform tools without IT approval. Here's how to prevent total anarchy.

  • Azure DevOps Services Losing Support for Alternate Credentials

    Microsoft gave notice last week that it's going to drop Alternate Credentials support for authenticating users of its Azure DevOps Services.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.