Password Security: Too much could defeat the purpose


Identity theft, hacking, phishing, and malware are huge problems and they are only going to get worse. One of the biggest issues we have nowadays is that we have hundreds of accounts on hundreds of platforms and many platforms have unique password security requirements. Some organizations require 8-digit passwords while others require 10, 12, or more. Some password security rules require that we use special characters such as !@#$%^ while others prohibit the use of such special characters. Some require an upper-case and a lower-case letter while others ignore case. Some require numbers, some don’t.

All these different rules and overly complex password requirements make it difficult for people to use and memorize the same password, which tempts people to write them down, which is also a security violation.

It is frustrating to have to enter half a dozen different password combinations before a system accepts your password. After a while, you’ve forgotten which password worked and which were rejected. So, next time you log in, your password doesn’t work and you have to reset it and wait for an email or text message. Hopefully, you haven’t been blocked from the system. Hopefully, you don’t have to wait a period of time before trying again.

On top of all this, some systems and organizations require you to change passwords frequently, i.e., multiple times per year. Again, this tempts you to write them down.

Fortunately, there are companies that store and secure passwords for you. These are companies such as LastPass and Dashlane, which require you to memorize only one password to get into the vault; once you are in, the vault manages all of your other passwords for you. But that is like keeping all your valuables in a bank vault. Everybody knows people keep their most valuable possessions in a bank vault, so it is a huge target. Once people get into the vault, particularly if this vault manages and secures your passwords, then they get the keys to the kingdom. Do you think password management companies are immune to hacking?

Recently, Equifax, a company that calculates and reports your credit rating, got hacked and millions of records of sensitive personally identifiable information (PII) were stolen. Once you have this PII, you can hack into other accounts, perform identity theft, and conduct a number of financial crimes. Who would have thought the company that holds everybody’s most private details would get hacked?

So what’s the solution?

Seriously … what is the solution? Send us a tweet.