Passwords are widely recognised by the security industry as no longer being fit for purpose. Yet at the same time they are ingrained into users' psyche as the ‘correct’ way to log in to applications and devices. This element of human behaviour, and our unquestioning acceptance of passwords, is the very thing that Heartbleed seeks to exploit. As a result, the bug has shone a bright light on passwords and their inadequacy – what lessons can we take away from the last week?
1. Passwords are hard to use and maintain. We’re told that for each individual application that we interact with, we should use a unique password. All very well in theory, but when it comes to remembering them it is a very different kettle of fish.
2. In order to address the fact that, unless you have an eidetic memory, it simply isn’t feasible to remember and manage such a multitude of passwords, we default either to using the same one for everything or to something that is easy to remember, such as our birthdate or Password1. The problem is that if it’s easy for you to remember, the chances are it won’t take a hacker long to work it out either.