Published in News

Has password protection become bigger than the problem it seeks to solve?

26 September 2022


We have Enhanced Phishing Protection now

Software King of the World Microsoft has just released a new security feature called Enhanced Phishing Protection that warns users when they enter their Windows password in insecure applications or on websites.

It is designed to stop users from putting their passwords in insecure applications, such as word processors, text editors, and spreadsheets, and while I don’t dispute it is a good bit of protection, I am starting to wonder if all this password protection is really worth it.

A password was designed to stand as security protection in its own right, yet because users are thick and choose simple passwords, there are shedloads of software in place to stop hackers from guessing them.

In some cases, a user who has all the security in place spends more time negotiating the password protection than they do using the actual app – particularly if they have a different password for every website or app they use.

Software makers, like Microsoft, have not been particularly clever at coming up with alternatives and have just slapped more protection around a flawed concept. Two-factor ID, for example, assumes that you have a mobile phone, it is turned on, has enough battery and you know the passwords. I have counted more fire hydrants than is reasonable for any mortal and I have never lived in a country where fire hydrants (or cross walks) exist.

So the latest gem to protect this useless form of protection is software which identifies and protects against corporate password entry on reported phishing sites or apps connecting to phishing sites, password reuse on any app or site, and passwords typed into Notepad, Wordpad, or Microsoft 365 apps.

The hole in this is that it prevents you from using passwords that are long and hard for a hacker to work out in favour of those which include numbers or odd characters. While these might be good for security, it means that you are more likely to forget or mistype them. So my password “Thehillsarealivewiththesoundofmusic.” might be less secure than “Thehi11sarealivewiththesoundofmusic!”, but I am more likely to forget the second one, or where the letters become numbers. I also do not believe that there are any hackers out there who would look at a password and think “yeah, that is worth spending the next few months of my life trying to crack. Just to read some out-of-date rants about Apple.”

Basically, it is time to walk away from passwords and find something better rather than trying to patch up a system which has not really worked since the 90s.


Last modified on 26 September 2022