• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Bad Sites   »   Passwords: Not Going Away Anytime Soon

Passwords: Not Going Away Anytime Soon

  • Posted on:April 30, 2014 at 2:10 pm
  • Posted in:Bad Sites
  • Author:
    David Sancho (Senior Threat Researcher)
0

For users who are not system administrators, the biggest impact of the Heartbleed vulnerability has been all the passwords that they have had to change. This, together with improvements in alternative authentication methods (like the fingerprint scanners now embedded in flagship smartphones), have caused some rather bold statements about passwords to be made.

Passwords are out of fashion? Obsolete in the short term, I hear some people say? Not so fast! While it’s true that passwords are not the most convenient way of authenticating yourself and they are inherently insecure, we should not be so quick to dismiss them.

The main advantage of passwords is that everybody can use them straight away. There is no need to tie yourself to a specific authentication token (“I could swear it was in my bag this morning!”), location (“I can’t log in from the hotel, I forgot I enabled that security feature!”), or smartphone (“I let my phone’s battery go dead!”). It might seem odd to some, but forcing users to own a smartphone – or asking a company to provide their employees with one – might be too costly.

Even if passwords are supplemented by other authentication methods, passwords will still be around as a secondary method. What would happen otherwise when your phone or hardware token gets stolen? We are simply not ready for a world without passwords, much as we’d like to get rid of them.

If that’s the case, we might as well learn how to use them properly. It’s not that difficult:

First, use a different password for each online service. If you’re trying to do this manually, it becomes difficult – which is why the best way to do this is to use a password manager. There are multiple options available, many of which are free.

Secondly, once you are using a password manager, use a long, hard-to-guess master password for it. If it’s anywhere in a dictionary, it’s not a good  password. Here’s one way  to come up with a secure master password: use the initials of a very long sentence. Imagine there’s no heaven; It’s easy if you try; No hell below us; Above us only sky. Add commas and other punctuation for added difficulty and bonus points: Itnh,ieiyt;nhbu,auos! That’s a better password than what most people use.

Thirdly, don’t rely on passwords alone. Yes, we said that passwords won’t be going away soon – but if you can, use what second factor of authentication is available. A smartphone is a good choice, as many services can use one to authenticate – whether it’s via an app or text messages.

I don’t think passwords are going to fall out of fashion anytime soon, if only for the ease of use. This isn’t to say that they will be the only authentication method used – and they shouldn’t be. Complementing them with more factors (two or three!) is the way to go, in my opinion.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: data managementpassword managementpasswords

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.