[OPLIN 4cast] OPLIN 4cast #456: Password (in)sanity
OPLIN Support
support at oplin.ohio.gov
Wed Sep 23 10:30:12 EDT 2015
September 23rd, 2015
Passwords, passwords, when are we ever going to
quit talking about passwords? Perhaps sooner than you might think. The huge
hack of the Ashley Madison servers, which compromised 11 million passwords
<http://arstechnica.com/security/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/>,
made password security a topic of the mainstream media last month, with all
the usual reminders of the rules for good password management that we're
all supposed to follow. But there is also a growing opinion that these
rules have become so complex that most of us just give up and ignore them,
and that what we need is not more rule reminders, but more common sense in
how we ask people to create and manage passwords. For instance, what about
the rule that says we should never reuse a password?
- Ashley Madison password crack could spell trouble across the Internet
<http://arstechnica.com/security/2015/09/ashley-madison-password-crack-could-spell-trouble-across-the-internet/>
(Ars Technica | Dan Goodin) "The group hasn't released the passwords, but
now that their findings are public, it's inevitable the vulnerable
passcodes will become widely available. And assuming Ashley Madison
subscribers have used those passwords to protect other accounts, that means
the Internet may be in store for a new round of account compromises. Ars
has long advised readers to use 1Password
<https://agilebits.com/onepassword>, LastPass <https://lastpass.com/> or
another widely used password manager to store a long, randomly generated
password that's unique for each account."
- 84 percent of people support eliminating passwords
<http://betanews.com/2015/08/27/84-percent-of-people-support-eliminating-passwords/>
(BetaNews | Ian Barker) "Almost half of the survey respondents (46
percent) say they currently have more than 10 passwords to manage, and 68
percent acknowledge that they reuse passwords for multiple accounts. In
addition, 77 percent say they often forget passwords or have to write them
down. Among respondents' top password peeves are those systems that require
users to change their password frequently, and systems that require users
to create passwords that do not fit the model of one they regularly use."
- Are millennials the latest security threat?
<http://www.softwareadvice.com/security/industryview/millennial-threat-report-2015/>
(Software Advice | Daniel Humphries) "Here, millennials come out in front,
with 85 percent admitting to reusing passwords. However, Gen X lags only
six percentage points behind, at 79 percent, while almost three-quarters
(74 percent) of boomers are guilty of the same bad habit. So are
millennials inherently more cavalier regarding password security? Not
necessarily: assuming millennials use more online services and apps than
their parents and grandparents, they will have a greater quantity of
passwords to remember. So it's no surprise if they reuse some of them."
- Making security better: Passwords
<https://cesgdigital.blog.gov.uk/2015/09/08/making-security-better-passwords/>
(Gov.UK CESG Digital blog | Jon Lawrence) "There are passwords everywhere!
However, the conversation we've had with people all around the public
sector hasn't been a happy one when it comes to passwords. When every
system needs a different password, the complexity settings for each system
are set high, and password changes are enforced frequently, the outcome is
not better security. Through research, in collaboration with the Research
Institute in the Science of Cyber Security <http://www.riscs.org.uk/>,
we've learnt about how trying to make passwords 'more secure' means systems
end up less secure. When we're overloaded with passwords, we all end up
'breaking the rules': we use the same passwords across different systems;
we use coping strategies to make passwords more memorable (and thus more
easily guessed), and we store passwords insecurely."
*Articles from Ohio Web Library <http://ohioweblibrary.org>:*
- Pass fail.
<http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=90488486&site=ehost-live>
(*Mechanical Engineering*, Oct. 2013, p.42-47 | Jean Thilmany)
- The psychology of password management: a tradeoff between security and
convenience.
<http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=50218716&site=ehost-live>
(*Behaviour & Information Technology*, May/June 2010, p.233-244 | L.
Tam, M. Glassman, and M. Vandenwauver)
- Impact of restrictive composition policy on user password choices.
<http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=60507779&site=ehost-live>
(*Behaviour & Information Technology*, May/June 2011, p.379-388 | John
Campbell, Wanli Ma, and Dale Kleeman)
------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:
- *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
subscribing to the following URL:
http://www.oplin.org/4cast/index.php/?feed=rss2.
- *Live Bookmark.* If you're using the Firefox web browser, you can go
to the 4cast website (http://www.oplin.org/4cast/) and click on the
orange "radio wave" icon on the right side of the address bar. In Internet
Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
feed.
- *E-mail.* You can have the OPLIN 4cast delivered via e-mail (à la
OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
http://mail.oplin.org/mailman/listinfo/OPLIN4cast.