Password Management - Your Responsibility

Thursday, April 09, 2020 10:00 AM

Password Management - Your Responsibility

 

This article began as a Blog about Password Management, but it quickly began to change into something else.

If there is any subject which highlights all the frustration felt by me, your friendly infosec zealot, it would be password management.

I can recall all the cool cigarette ads at the movies when I was a kid.  'The Marlboro Man', in his cowboy hat and that bad-ass moustache was my favorite.  Of course, we now know that cigarettes are bad for you.  Imagine those pioneering doctors screaming to the world, 'this stuff will kill you' and no one listening - how frustrating would that have been?

We are fast approaching, or indeed may have even passed the point, where we should stop discussing data breaches as a purely technological issue.  Instead, perhaps we should now be talking about them as a health issue.

Do your own research (start at IDCARE), and you will begin to understand the true cost of identity breaches.

For all of my presentations, war stories, YouTube videos, etc. on this subject, the majority of the people I associate with personally and professionally still do not take even the most basic steps in protecting themselves, their families, their business, and their business partners, by safely managing something as important as their passwords.

I'm not going to bore you with the statistics.  That sales pitch isn't working, and I obviously don't know what the right sales pitch is.

I have actually spent countless hours wondering what I am doing wrong.  Is it something that I can do better?  What conversation can I have with people that will change their attitudes towards password management?  Because that is what I'm trying to do - I'm honestly trying to induce change in your life, and apparently I don't have the right words to do that.

Most people will agree that we need to manage passwords, because they in turn manage stuff like bank accounts, credit cards, blah blah blah, but these same people, who will acknowledge password management, do not actually practice what they preach.

Often they will divert the blame or offer excuses.  'the boss doesn't use a password manager', 'it's too hard to explain to the spouse', or, my personal favourite 'I have my own system', like you're way more clever than those 'hackers'.

Sometimes, it appears like people just don't care.

However, as I was researching this blog (lots of juicy statistics, it was going to be epic!), and I started pulling it all together and typing it out, I realized that I'm really not approaching this problem in the right way.

I had to remind myself that it's my job is to educate you.

I can't change who you are.

The mindset required is the same as if you decided to eat healthy, train to run a marathon, or go back to school. Any of the excuses you have for not doing what you say you want to do are exactly the same.  You have to conquer that excuse mindset, and make those changes.  I can't do that for you.

Just like your health or your education, safely managing the passwords that control your personal and professional life is your responsibility.

Do it, or don't do it.  Just be grown up enough to own that decision, and the potential outcomes.  Stop pretending like it's not your problem, or that it's someone else's decision to make.

I will continue to do my very best to educate all who are willing to listen about the dangers, and the pitfalls, and the paths available to a more safe and secure online life.  But, to be one of those people, first you must be willing to take ownership of your own online world.

I truly hope you do.  And I'm here to help.

About the Author

Michael Leboydre has served with the Queensland Police Service, culminating in his time as a Detective with the QPS Cyber Squad. During more than two years with the Cyber Squad, Michael conducted investigations and liaised with other state, national and international Agencies on many cases involving fraud, identity theft and other cyber crimes, including many originating in Queensland and heading interstate or overseas, and coming back the other way.

As a result of witnessing first hand the impact these crimes have on unsuspecting members of the general public, through investigations and victim statements, Michael has since devoted his time to educate all who will listen on how they can reduce their risk and exposure to these serious crimes and their devastating consequences.