THE SQL Server Blog Spot on the Web


Rob Farley

- Owner/Principal with LobsterPot Solutions (a MS Gold Partner consulting firm), Microsoft Certified Master, Microsoft MVP (SQL Server), APS/PDW trainer and leader of the SQL User Group in Adelaide, Australia. Rob is a former director of PASS, and provides consulting and training courses around the world in SQL Server and BI topics.

Passwords – a secret you have no right to share

Hi! - Great that you've found this page, but it's no longer here! You can find the content over at: http://blogs.lobsterpot.com.au/2016/10/11/passwords-a-secret-you-have-no-right-to-share/

Published Tuesday, October 11, 2016 7:39 PM by Rob Farley


Comments

 

Peter said:

I use dirty words in all of my passwords to discourage sharing.

October 11, 2016 7:13 PM
 

RichB said:

Sure... but also remember the opposite goes as well.

Don't ask me for a complicated password to merely protect some inane ramblings on a website.

Don't ask me for the same old hackneyed 'secret' questions and answers that somehow need to end up all over the internet to 'protect' my identity.

Don't make me change it so often I need to write it down.  Don't make me have so many different ones _for the same organisation_ that I need to write them down.  

Don't make it hard for me to remember it.  

Don't make it hard for me to reset it.

Don't, whatever you do, email it to me with instructions to change it immediately, but set the AD property that prevents me changing the password until after the weekend...

October 11, 2016 9:20 PM
 

AdaTheDev said:

One of the best ways to prevent sharing of passwords is to have passwords that you don't even know/remember yourself.

Obviously there are some passwords you HAVE to remember, such as for your password-store-of-choice (LastPass, 1Password...), but in the majority of cases let a password generator create a unique one for you for that particular site/service. I know it's going to do a far better job than my memory can for remembering secure/random passwords!

October 12, 2016 5:45 AM
 

DuncanGreaves said:

And don't use the passwords you use for external providers internally.

The LinkedIn passwords that were leaked have been used to compromise systems where the same password was used with the company account.

October 12, 2016 7:59 AM
 

jchang said:

there are 3 levels of password security

1) low - easily guessed

2) medium - somewhat difficult to remember, write it down on a yellow sticky, stick on back of monitor

3) high - difficult to remember, write it on a yellow sticky, stick on front of monitor

October 12, 2016 11:31 AM
 

John Winterbottom said:

A better approach might be to ask why users are sharing passwords and try to address the root cause (hint: it's probably because they just want to get their damn work done). As IT folk we sometimes lose sight of the big picture - information systems are there to achieve an end and not as an end in themselves. This end could be increased efficiency, higher productivity etc. Chances are that our password-sharing users are simply working around obstacles rather than plotting something nefarious. Let's talk to them and try and understand why before we simply add more rules to their lives.

October 15, 2016 7:53 AM
 

Dell Anderson said:

Passwords are an antiquated authentication and security mechanism which simply has not yet been replaced by anything better. I can't wait until an open source solution that works similarly to something like Steve Gibson's SQRL relegates the antiquated and cumbersome password system to the Dustbin of History.

October 15, 2016 12:45 PM
 

dd said:

Pot calling the kettle black.

When companies and governments are losing our passwords by the hundreds of millions you have the effrontery to blame the user for sharing his password.

It is more likely as a store that you will lose my and all your customers' details at one go than it is for my friends to abuse my password.

October 15, 2016 3:36 PM
