Are Users at Fault for Weak Passwords?
Story Source: https://www.bleepingcomputer.com/news/security/vodafone-tells-hacked-customers-with-1234-password-to-pay-back-money/
Scratching my head wondering why a system administrator who defines and enforces the security policy is blaming it's users for weak passwords?
Service owners can set the minimum criteria for password strength, complexity, and expiration. They can also test users choices against lists of known common passwords. If there are unacceptable risks, additional services can be included to protect access, such as change notifications, login-tracking communications, and Multi-Factor Authentication (MFA) mechanisms.
If you built and oversee the system, why would you vilify those who operate within the acceptable parameters you have defined?
Many years ago when there weren't admin tools to define password requirements and check against common hashes, but nowadays system owners literally define and have great control over what is acceptable. I can't blame the user as they will follow what is most convenient and acceptable.
i agree with you, password strength is an administrator setting (and has been for a significant period of time). If you allow weak passwords, there is no way you can blame the users.
They're supposed to pay back $ after their accounts were hacked? How does that make any sense?
The users are not to be blamed in the Vodafone case.
Now queries and filters can be defined for passwords acceptance.
Even now auto-generated password is the order of the day
To the question in your title, my Magic 8-Ball says:
Hi! I'm a bot, and this answer was posted automatically. Check this post out for more information.