“A study revealed that the government spent $48 million on anti-smoking campaigns. Every year the same or a higher amount of money is spent on such campaigns. The government still allows the sale of cigarettes, though smoking is injurious to health.
Why talk about advertisements and the sale of cigarettes, and what does it have to do with weak passwords?
Like smoking, weak passwords have consequences. CISOs and security professionals spend thousands if not millions of dollars on awareness but still allow weak passwords.
Security professionals, those protecting organizations, leave many applications allowing users to enter weak passwords. The problem of weak passwords is greater where organizations allow Shadow IT applications. Many e-commerce websites accept weak passwords in favor of a better user experience.
A strong password is a default necessity to increase our chances of staying protected. Yet, in a recent study, “123456” and “password” remained the most popular passwords in 2014 and 2015. Not only CISOs but end users too need to understand the dangers of weak passwords. But sometimes “ignorance is bliss” costs.
Password strength vs. user experience is going to be a never-ending debate. But as security professionals, we need to analyze risks and favor strong passwords.
The government has powers to ban cigarettes; so do CISOs and security professionals. Security managers too have powers to enforce strong passwords or make two-factor authentication mandatory.
It is clear that awareness alone is not enough to reduce exposure to weak passwords. Perhaps awareness must include real-life cases of breaches due to weak passwords, just as cancer patients are cast in anti-smoking advertisements!”