Dan Munro - Dev-Sec-Ops Engineer

The Password Is Dead, Long Live The Password!

They just don’t meet the challenge for anything you really want to secure.

Bill Gates, 2004

You will never need a password again.

IBM, predicting five years out in 2011

Passwords and simple bearer tokens, such as cookies, are no longer sufficient to keep users safe.

Eric Grosse, Google, 2015

Passwords are not going away any time soon [1]. If our collective hygiene does not improve, we will all die in fiery apocalyptic digital anarchy, probably. Or not. However, just like hygiene for our bodies, prevention and care are far cheaper and more effective than remediation and recovery.

Managing The Chaos

How many passwords does the average person keep track of? According to a recent report from LastPass, in 2017 that answer is 191 passwords. Assuming we follow good password hygiene and all passwords are at least 8 characters in length (or more!), that’s 1528 total characters. At least.

It goes without saying, but that’s simply too much for one person to remember. The necessity for using a password manager is stronger today than ever before.

Get A Password Manager

So do some research. Find a password manager that looks like a good fit and sign up. Download the browser plugin, the mobile app, and the native app if it’s available. Make it easy to do the right thing.

Wash Behind The Ears

Then, for every re-used password, change that sucker! If possible, only copy and paste passwords from the password manager app/plugin. This makes it practical to use longer passwords. At first, a 64-character password seems impractical, but if it’s never manually typed, does the length matter? At this point the limitation is on the service requiring the password.

Looking Forward

It is 2018, and the inexorable march of time propels us forward. What other options are there to increase personal security? 2FA is spectacular, ubiquitous, and easy to get started with. Apps are available which provide 2FA, as well as physical security keys. Biometrics, including fingerprint and face scanners, are promising and becoming more mainstream. Any of these options will dramatically increase a user’s defensive posture against attacks.

[1] This, apparently, is not a common perception.

Written on Jul 25, 2018.