Password Confusion

Recently a software leader published an article that raised the possibility that shorter passwords might be better than longer ones. This goes directly against all previous research, which held that longer passwords were the key to user security online.

I believe this just adds to the confusion users experience when trying to be more secure. It also can confuse the argument when businesses are considering what their password policies should be.

I think this is an example of someone trying to get noticed and come up with an off-the-wall idea to get attention. In a world where some people want to be noticed by publishing their every move on Twitter, making their pictures public on Facebook, and videos of anything and everything cluttering the internet, this isn't a real surprise. The advice is to reduce your security and make access easier.

Businesses need to ignore this type of advice and focus on best practices for security. Access to corporate networks should never rely on a single password; rather, two-factor authentication needs to be deployed. Hard drives should be encrypted to deter theft and minimize the impact when a theft occurs. Wireless networks need to use the strongest standards possible, and time should be taken to test the security.

I remember in the not too distant past when a prospect I was meeting with told me that if they were to purchase a firewall, it would only get the attention of a hacker, so they chose not to purchase one. This was the advice of their IT professional.