Hacker Fight: Everything You’ve Been Told About Passwords Is Wrong

Photo: Simon Lieschke / Flickr

Security is not just about strong encryption, good anti-virus software, or techniques like two-factor authentication. It’s also about the “fuzzy” things … involving people. That’s where the security game is often won or lost. Just ask Mat Honan.

We – the users – are supposed to be responsible, and are told what to do to stay secure. For example: “Don’t use the same password on different sites.” “Use strong passwords.” “Give good answers to security questions.” But here’s the troublesome equation:

more services used = more passwords needed = more user pain

… which means it only gets harder and harder to follow such advice. Why? Because security and practicality are in conflict.

But they don’t have to be. As someone who has studied millions of passwords and how they were constructed – I’ve spent most of my waking hours for over a decade obsessing about authentication methods – I say we can have both security and practicality.

And it starts with recognizing that a lot of security advice hurts more than it helps.