I think we all know most passwords are far too weak. So it is no real surprise that a report from Trustwave reached the same conclusion. In fact, many passwords are still PASSWORD, or the word with a number or two afterwards. This is what Verizon always used whenever I had to debug my DSL connection, which happened more often than a Brett Favre interception.
Even worse, these are often administrator passwords! Ouch.
Here's why so many passwords are so darn weak. Keeping up with a wealth of complex (but safe) passwords is a nightmare. How often have you tried to get into a system and the password you thought worked doesn't? And how do you keep track of all these various iterations, all the user names (which need to be complex because all the good ones are taken) and the accompanying passwords? Do you have them all written down? How secure is that?
The answer was always said to be single sign-on, but I have yet to see a system that signs on to enough services to make it worthwhile.
What is your solution? Hopefully you'll send news I can use to firstname.lastname@example.org.
Posted by Doug Barney on 03/16/2012 at 1:19 PM