Weekly Update 112

Wow, didn't the passwords discussions go nuts this week! Passwords suck and they must die, they're never going to die, people are using bad ones, people should be able to use bad ones, developers are at fault and my personal favourite in the "how on earth did you reach that conclusion" category, I should actually do something to educate people about passwords rather than blaming them for using bad ones. I've gotta stop laying around doing nothing with my days...

But seriously, both posts on passwords this week garnered a heap of input from people agreeing with me, disagreeing with me and arguing with each other. For the most part, this was just fine but what I didn't mention in the video this week is that I've muted more people on Twitter in the last 24 hours than I have in all of 2018. I got some really angry feedback from people who, as I explain in today's video, were frankly taking way too many liberties with the term "victim blaming" and even taking offence at the use of the word "blame". Look, it's ok to be offended, but my threshold is crossed once people start behaving in ways they never would in person and what should be a mature infosec discussion somehow descends into comparing a bad password choice with sexual assault. That sort of behaviour is just not something I want to be a part of and it makes it that much harder for me to spread my time across people who want to have a civilised discussion. Granted, this is still exceptional but this post caused a spike of it that brought out the worst in some people so please, by all means disagree with me but let's have that conversation in a civil fashion.

And with that, here's this week's video and I sincerely hope it helps convey the sentiments I have around the whole password situation.

Listen on Apple Podcasts
Get it on Google Play
Download via RSS


  1. The curtain has finally closed on ASafaWeb (it's served its purpose and I had a lot of fun running it, but it's had its time)
  2. Passwords live on because there's one thing they do better than every other auth solution (everyone knows how to use them!)
  3. The blame one (it needs no more introduction...)
  4. Gold Security is sponsoring my blog again this week (big thanks to those guys for their ongoing support throughout the year)
Weekly update
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals