• yesman@lemmy.world
    1 day ago

    Our passwords are screwed because the companies that store them can’t be bothered to secure them. All of this could be solved with a regulation that every compromised account means the user is owed $500.

    But of course the contributors to the NYTimes can’t find fault with businesses, instead scolding customers that they’re not protecting the data that they didn’t want collected and the credentials and credit scores we didn’t ask for either.

    Nobody is going to steal your identity, they’re stealing credentials that you didn’t ask for, do not benefit from, and have no control over how they’re stored or maintained.

    • xylogx@lemmy.world
      10 hours ago

      You’re half right. The way companies expect people to use passwords is unsustainable. People can remember a password. No one can remember a unique, hard-to-guess password for every login they have. So they re-use passwords. Password re-use is so common and unavoidable that losing a single password is disastrous. It should not be. This is one of the promises of FIDO and passkey, not relying on a password that can be stolen, guessed and re-used.

    • Onomatopoeia@lemmy.cafe
      1 day ago

      I’d say $50k - make THAT risk really hurt.

      There’s no excuse for the crap we have today. Every enterprise I’ve worked in since the mid-90s has had strong password policy and controls.