[Editor’s Point] Yet again, this is not important to us as a community just because some of us might have a Gmail account. This is important because security moves in a diminishing cycle. Of the 10 items in the article, who among us is vigilant on more than 3? On even 3?
The other nice thing about this article is that it is written in a way that it can be given to anyone; a great training tool.
According to Aguilera’s new security alert, Google allows anyone with a Gmail account to guess another Gmail user’s password 100 times every two hours, or 1,200 times per day. …
To its credit, Gmail requires fairly long passwords of 8 characters or more. However, as Aguilera points out, Gmail allows users to create extremely weak passwords such as aaaaaaaa.
A quick survey of my friends and relatives revealed that not one of them uses strong passwords. Most people have no idea how to create them. Yet everyone I asked expressed guilt at using easy-to-crack passwords: pet names, birthdays, and common dictionary words.
Most people’s passwords could be guessed in far fewer than 10,000 attempts. And, despite using weak passwords, the people I interviewed say they rarely change their sign-in strings. (One-third of the people surveyed use the same password for every Web site they sign in to, and the infamous Conficker worm needed to try only 200 common passwords to break into many systems, according to an analysis by the Sophos security firm.)
Here’s the topper: many respondents to my informal survey admitted to keeping an unencrypted file on their systems that lists every password they use!
The article goes on to tell why that is just wrong, and what can be done – simply – to fix the problem…as well as challenging us all with 10 things that we who know better probably don’t do…well, maybe a few…
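To make the excerpt's numbers concrete from the defender's side, here is an added example (not code from the article or from Google) that puts the length-only rule described above beside a stricter signup check, and works out how long the quoted throttle holds against a guess list of a given size. The function names, the distinct-character threshold and the small common-password set are assumptions constructed for illustration.

```python
# Figures quoted in the excerpt above.
GUESSES_PER_WINDOW = 100
WINDOW_HOURS = 2
MIN_LENGTH = 8

# Constructed sample of commonly chosen passwords (illustrative, not a real list).
COMMON = {"password", "12345678", "qwertyui", "iloveyou", "letmein1"}


def length_only_policy(pw):
    """The rule the excerpt describes: 8 or more characters, nothing else."""
    return len(pw) >= MIN_LENGTH


def hardened_policy(pw, personal_terms=()):
    """Return the reasons a password is rejected (empty list means accepted)."""
    reasons = []
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    # Assumed threshold: fewer than 5 distinct characters catches 'aaaaaaaa'.
    if len(set(lowered)) < 5:
        reasons.append("too few distinct characters")
    if lowered in COMMON:
        reasons.append("on common-password list")
    if lowered.isdigit():
        reasons.append("digits only (date-like)")
    # Pet names, birthdays and similar terms supplied by the caller.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            reasons.append("contains personal term: " + term)
    return reasons


def days_to_exhaust(guess_count):
    """Days the quoted throttle holds against a list of guess_count candidates."""
    per_day = GUESSES_PER_WINDOW * (24 // WINDOW_HOURS)  # 1,200 per day
    return guess_count / per_day


if __name__ == "__main__":
    for pw in ("aaaaaaaa", "12345678", "Rex2009!", "correct horse battery staple"):
        print(pw, length_only_policy(pw), hardened_policy(pw, ("rex",)))
    print("10,000 guesses:", round(days_to_exhaust(10000), 1), "days")
```

Every sample password passes the length-only rule; only the last one passes the stricter check.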