Are Users at Fault for Weak Passwords?

in security •  2 months ago


Story Source: https://www.bleepingcomputer.com/news/security/vodafone-tells-hacked-customers-with-1234-password-to-pay-back-money/

I am scratching my head wondering why a system administrator who defines and enforces the security policy is blaming its users for weak passwords.

Service owners can set the minimum criteria for password length, complexity, and expiration. They can also test users' choices against lists of known common and breached passwords and reject any match. If the remaining risk is still unacceptable, additional controls can be layered on to protect access, such as change notifications, login-tracking communications, and Multi-Factor Authentication (MFA).
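As an added example (not from the original post, and not Vodafone's code), here is a server-side acceptance check of the kind the paragraph above describes: a minimum length, a comparison against a common-password list after folding case and trivial symbol substitutions, and rejection of the username and of simple sequences. The policy values, the tiny blocklist and the sample passwords are constructed for illustration; a real deployment loads a large breached-password list.

```python
"""Server-side password acceptance check (added example, not from the post).

Assumptions: MIN_LENGTH, COMMON_PASSWORDS and the sample inputs are
constructed for illustration. Real deployments load a list of millions
of breached passwords and tune the policy values to current guidance.
"""
import re
import unicodedata

MIN_LENGTH = 12      # assumed policy value
MAX_LENGTH = 128     # assumed policy value (avoid hashing multi-MB inputs)

# Constructed sample of a common/breached password list.
COMMON_PASSWORDS = {
    "1234", "12345", "123456", "password", "qwerty", "letmein",
    "vodafone", "welcome", "admin", "iloveyou",
}

# Undo common "leet" substitutions so P@ssw0rd is compared as "password".
_LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "!": "i", "3": "e",
                       "$": "s", "5": "s", "4": "a", "7": "t"})


def fold_case(pw: str) -> str:
    """Unicode-normalise and lower-case so visually identical inputs compare equal."""
    return unicodedata.normalize("NFKC", pw).lower()


def strip_trivial_suffix(pw: str) -> str:
    """Drop trailing digits/punctuation so 'password2019!' is compared as 'password'."""
    return re.sub(r"[\d\W_]+$", "", pw)


def _is_sequence(s: str) -> bool:
    """True when every adjacent pair of characters steps by exactly +1 or -1
    (e.g. '1234', 'abcdefgh', 'zyxw')."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def check_password(pw: str, username: str = "", blocklist=COMMON_PASSWORDS) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")

    lower = fold_case(pw)
    stripped = strip_trivial_suffix(lower)
    # Compare the raw folded form, the suffix-stripped form, and their
    # leet-decoded variants against the blocklist.
    candidates = {lower, stripped, lower.translate(_LEET), stripped.translate(_LEET)}
    candidates.discard("")
    if any(c in blocklist for c in candidates):
        problems.append("matches a common/breached password")

    if username and fold_case(username) in lower:
        problems.append("contains the username")

    if _is_sequence(lower):
        problems.append("is a simple sequence")

    # A single repeated character (or two alternating ones) passes no real test.
    if len(set(lower)) <= 2:
        problems.append("uses too few distinct characters")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs, including the PIN from the story.
    for pw, user in [("1234", "bob"), ("P@ssw0rd2019!", "bob"),
                     ("bob-spring-2024!", "bob"), ("correct horse battery staple", "bob")]:
        verdict = check_password(pw, user)
        print(f"{pw!r}: {'OK' if not verdict else ', '.join(verdict)}")
```

The check runs on the server at password-set time, so a user who types `1234` never gets an account with that credential in the first place. In practice the blocklist is a large breached-password corpus (Have I Been Pwned publishes one that can be queried by SHA-1 prefix), and current NIST SP 800-63B guidance favours exactly this kind of blocklist check plus a length minimum over composition rules and forced periodic expiry.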

If you built and oversee the system, why would you vilify those who operate within the acceptable parameters you have defined?


Many years ago there weren't admin tools to define password requirements and check against common hashes, but nowadays system owners literally define and have great control over what is acceptable. I can't blame the users, as they will follow what is most convenient and acceptable.

I agree with you. Password strength is an administrator setting (and has been for a significant period of time). If you allow weak passwords, there is no way you can blame the users.

They're supposed to pay back $ after their accounts were hacked? How does that make any sense?

The users are not to be blamed in the Vodafone case.

Now queries and filters can be defined for password acceptance.

Even now, auto-generated passwords are the order of the day.

To the question in your title, my Magic 8-Ball says:

Without a doubt

Hi! I'm a bot, and this answer was posted automatically. Check this post out for more information.