Daily Archives: May 6, 2022
Today is “What drives me insane about passwords” day
May 5th was World Password Day, a day on which Microsoft wanted us to ditch our passwords completely and move to authentication apps, FIDO keys and other tools that move us away from passwords.
But I’d argue that none of these solutions address the times when I need access to someone else’s account for administration or management, a use case that is not being addressed well at all.
My girlfriend and I recently discussed this issue. She is currently doing what she calls “case management” for a relative, where she must manage the doctor’s appointments, assist with the bank accounts, and help out with logins for another person, someone who is remote to her and not local. Often she doesn’t want to have rights to the actual account or the bank account, but merely view rights. She wants to be able to manage – but not BE the person when it comes to logins. And often she finds it so frustrating that businesses from banks to medical offices can’t handle this secondary login possibility.
Then there is the issue of multi-user two-factor. I’ve seen this often with managed service providers and even in my industry. Often an invite is sent to a specific person, but that person may not be doing the actual work of the project. So you end up sharing out the credentials, which totally loses accountability. These vendors need to not charge per user, but understand that sometimes in firms we assign someone else to do the actual work.
Or let’s take the case I often see in small businesses – two people work in the business, the access is tied to the one person’s phone – but another person in the office is actually working on it. So you have to get the code that was sent to the other person’s phone in order to get into the thing.
Now let’s take the hassle of migrating and backing up two-factor applications. Case in point: the Microsoft Authenticator application.
“Before you can back up your credentials, you must have:
- A personal Microsoft account to act as your recovery account.
- For iOS only, you must have an iCloud account for the actual storage location.”
A bit of a pain in the rear.
Google Authenticator appears to me to be easier – you can actually go into the app and export out of the app. So you can place it on a backup device such as an Android tablet or iPad.
But as for all of these claims about how passwordless is going to make things easier: no, it’s going to make things different, is all. Mind you, make sure your password is long, strong and written down, either in a password application or literally WRITE THEM DOWN on a piece of paper that you then keep safe.
But bottom line, on this day AFTER password day: I do want you to do better on passwords; too often we use really lousy ones. But I also want our vendors to realize that THEY need to do better as well.