Wow, didn't the passwords discussions go nuts this week! Passwords suck and they must die, they're never going to die, people are using bad ones, people should be able to use bad ones, developers are at fault and my personal favourite in the "how on earth did you reach that conclusion" category, I should actually do something to educate people about passwords rather than blaming them for using bad ones. I've gotta stop laying around doing nothing with my days...
But seriously, both posts on passwords this week garnered a heap of input from people agreeing with me, disagreeing with me and arguing with each other. For the most part, this was just fine but what I didn't mention in the video this week is that I've muted more people on Twitter in the last 24 hours than I have in all of 2018. I got some really angry feedback from people who, as I explain in today's video, were frankly taking way too many liberties with the term "victim blaming" and even taking offence at the use of the word "blame". Look, it's ok to be offended, but my threshold is crossed once people start behaving in ways they never would in person and what should be a mature infosec discussion somehow descends into comparing a bad password choice with sexual assault. That sort of behaviour is just not something I want to be a part of and it makes it that much harder for me to spread my time across people who want to have a civilised discussion. Granted, this is still exceptional but this post caused a spike of it that brought out the worst in some people so please, by all means disagree with me but let's have that conversation in a civil fashion.
And with that, here's this week's video and I sincerely hope it helps convey the sentiments I have around the whole password situation.
- The curtain has finally closed on ASafaWeb (it's served its purpose and I had a lot of fun running it, but it's had its time)
- Passwords live on because there's one thing they do better than every other auth solution (everyone knows how to use them!)
- The blame one (it needs no more introduction...)
- Gold Security is sponsoring my blog again this week (big thanks to those guys for their ongoing support throughout the year)