Insecure Passwords or Insecure People?
For all the talk about multi-factor authentication and the mainstream adoption of biometrics, passwords are not going away. Whilst there are more secure alternatives, and other authentication methods that can be used alongside the humble password, like it or not, the password is going to be around for a long time.
More focus is needed on how to make passwords ‘work’. For the vast majority of applications, they’re all we’ve got.
The truth is that there’s nothing wrong with passwords. The problem is people. Users select passwords that are too simple, too short and too predictable. Analysis of actual passwords published after large-scale attacks (including Sony and LinkedIn) shows that more than 50% are shorter than eight characters. Half contain only numbers or only letters, and only about 1% contain a non-alphanumeric characte