A strong password isn’t the strongest security

Elaborate requirements for account passwords might sound invincible, but experts say Americans aren’t paying enough attention to other online security threats, reports the New York Times. Make your password strong, with a unique jumble of letters, numbers, and punctuation marks. But memorize it—never write it down. And, oh yes, change it every few months. These instructions are supposed to protect us—but they don’t. Some computer security experts are advancing the heretical thought that passwords might not need to be “strong,” or changed constantly. They say onerous requirements for passwords have given us a false sense of protection against potential attacks. In fact, they say, we aren’t paying enough attention to more potent threats. Here’s one threat to keep you awake at night: Keylogging software, which is deposited on a PC by a virus, records all keystrokes—including the strongest passwords you can concoct—and then sends it surreptitiously to a remote location. “Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of your passwords,” says Cormac Herley, a principal researcher at Microsoft Research who specializes in security-related topics. After investigating password requirements in a variety of settings, Herley is critical not of users but of system administrators who aren’t paying enough attention to the inconvenience of making people comply with arcane rules. Donald A. Norman, a co-founder of the Nielson Norman Group, makes a similar case. In an essay published last year, he noted the password rules of Northwestern University, where he then taught, was a daunting list of 15 requirements. He said unreasonable rules can end up rendering a system less secure: Users end up writing down passwords and storing them in places that can be readily discovered…

Click here for the full story

Sign up for our K-12 newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Laura Ascione

Want to share a great resource? Let us know at submissions@eschoolmedia.com.

eSchool News uses cookies to improve your experience. Visit our Privacy Policy for more information.