I've enjoyed delivering training to fellow educators at various points over the last ten years. However, whenever I am giving a session about privacy, more often than not I have had colleagues claiming to have been hacked in various ways. Wunderkind hackers aside, the odds of someone brute-forcing their way into your Google, Facebook or whatever account are ridiculously low. Far more likely is having a poor password, or leaving your device unlocked and unattended. It almost seems sometimes like people know that they have a terrible method of choosing passwords, but never seem to address this problem. The main problems as I see it are:
- Passwords can be easily worked out by computers using a dictionary-style attack.
- Passwords are re-used as people cannot remember multiple passwords for the multitude of different services they have signed up to.
- The combination of the previous points results in easily decoded patterns of behaviour, making a data breach in one service automatically a data breach in other services.
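To make the three points above concrete, here is a small self-audit sketch in Python. It is an added example, not something from the original post or the linked presentation. The word list, the vault contents and the six-character shared-prefix threshold are all constructed for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations
from os.path import commonprefix

# Constructed sample data (not from the post): a tiny word list and a made-up vault.
WORDLIST = {"password", "summer", "dragon"}
VAULT = {
    "mail": "Summer2019!",
    "social": "Summer2019!",
    "bank": "Summer2019!bank",
    "shop": "P@ssw0rd1",
    "forum": "xkT9#vQ2m!Lr",
}

# Common character substitutions that a dictionary-style check undoes for free.
LEET = str.maketrans("@40$513!7", "aaossleit")


def base_word(password):
    """Reduce a password to the word it was probably built from."""
    # Drop the trailing digits/symbols people append, then undo substitutions.
    stem = re.sub(r"[\d\W_]+$", "", password).lower().translate(LEET)
    match = re.match(r"[a-z]+", stem)
    return match.group(0) if match else ""


def audit(vault, wordlist, min_shared=6):
    """Return the services affected by each of the three problems."""
    by_password = defaultdict(list)
    for service, password in vault.items():
        by_password[password].append(service)
    # Problem 1: the password is a dictionary word in light disguise.
    dictionary = sorted(s for s, p in vault.items() if base_word(p) in wordlist)
    # Problem 2: the identical password is used on several services.
    reused = sorted(sorted(g) for g in by_password.values() if len(g) > 1)
    # Problem 3: different passwords that follow one guessable pattern.
    patterned = [
        (a, b) for a, b in combinations(sorted(vault), 2)
        if vault[a] != vault[b]
        and len(commonprefix([vault[a], vault[b]])) >= min_shared
    ]
    return {"dictionary": dictionary, "reused": reused, "patterned": patterned}


if __name__ == "__main__":
    # Only service names are printed, never the passwords themselves.
    for finding, services in audit(VAULT, WORDLIST).items():
        print(f"{finding}: {services}")
```

In this sample only the randomly generated "forum" password escapes all three checks; a breach of "mail" exposes "social" directly and "bank" by pattern.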
Some of this can be blamed on IT department password policies which, in fairness, have rarely given advice that lends itself to some level of convenience for a user alongside their security. Indeed, the convenience vs security tradeoff underpins so much of the drive towards more secure computing for everyone. This post was somewhat inspired by this post and presentation (apologies for YouTube content… ad blockers and anti-tracking plugins at the ready!):