Silverlight Authors: Automic Blog, Michael Kopp, AppDynamics Blog, Kaazing Blog, Steven Mandel

Related Topics: @CloudExpo, Cloud Security, @DXWorldExpo, @ThingsExpo

@CloudExpo: Article

No Passwords | @CloudExpo #Cloud #API #AI #ML #DL #DX #Cybersecurity

Right after the Sony Hack became public knowledge (circa November 2014), cybersecurity paranoia set in

Every time there’s a notable cybersecurity breach, someone (even me) writes a comprehensive primer on the proper way to create “secure” passwords. Lather, rinse, repeat. Until a few years ago, everyone (including me) based their password advice on a 2003 paper from the National Institute of Standards and Technology (NIST), with the catchy title “NIST Special Publication 800-63.” The paper recommended that passwords be cryptic, contain special characters, and be as close to nonsense as possible.

I was in a camp I called “How to Make a Cryptic Password You Can Easily Remember.” The short version was this: take a phrase you know, such as a favorite quote from a movie, and use the first letter of each word. For example, Sheriff Brody’s famous line from Jaws, “I think we’re gonna need a bigger boat,” becomes [email protected] The trick was using Leet (a technique where letters are replaced by numbers and symbols; see my post from July 2012, “Yahoo! Hacked: What You Need To Do Now”) to add the numbers and special characters. But as you can see from the example, a password made in this way is total nonsense to everyone but you – unless you forget your favorite quote.

That Was Then
Right after the Sony Hack became public knowledge (circa November 2014), cybersecurity paranoia set in and everyone started grasping for ways to enhance their cyberdefenses.

Once again, passwords were in the spotlight, but two strategic camps had evolved. Camp one was advocating the creation of more-cryptic passwords and changing them often (like monthly), and camp two began advocating for the longest passwords possible, made from any words you like and left alone until there was a reason to change them. All my cybersecurity friends fell squarely into the second camp, advocating for the longest passwords possible. My thinking evolved and I fell into line with camp two.

Fast Forward to Today
According to the Wall Street Journal, Bill Burr (the man who wrote the NIST memo back in 2003 that recommended the cryptic craziness and frequent replacement guidelines) has had an epiphany. “Much of what I did I now regret,” said Mr. Burr, 72 years old, who is now retired. If the reporting is accurate, he had very little evidence upon which to base the NIST’s recommendations. (Sort of makes me think about the USDA Food Chart I grew up with. But that’s for another article.) Why were Mr. Burr’s assumptions wrong?

The Math
This very widely circulated cartoon from XKCD tells the story beautifully.

The key takeaway is that the longer the password is, no matter its complexity, the harder it is for a computer to guess.

Now What?
The good news is that Mr. Burr’s old memo has been discarded and the NIST has published new Digital Identity Guidelines. The bad news is that it is going to take quite a while for these new guidelines to become widely adopted. Many sites limit the length of your password to “8-12 characters.” If that’s the case, you can’t use a password that is long enough to be considered safe under the new guidelines. As you know, many sites (especially government sites) require a special character and a number for a password to be considered strong. In practice, it may be years before the Internet catches up. By then, we may not be using passwords at all.

No Passwords
For consumers, passwords are just a way to validate that you are who you say you are. If you forget your password, you can request an email, a txt, or in some cases a phone call to obtain a temporary replacement. So if there’s another valid way to authenticate you, passwords really aren’t necessary. Google, Facebook, and several other sites can be easily used to verify that you are who you say you are. If proper authentication protocols are used, any site could determine you are you by checking to see if you are properly logged in to Facebook or Gmail. Lots of sites already do this, and there are a host of biometric and multifactor identification and authentication schemas fighting to be the new new thing in secure Internet living. Password science is evolving quickly, but it’s likely to be a hot mess for the foreseeable future.

So What Do I Do?
Do what the experts are now telling you to do. Start using the longest passwords possible. I would not use correcthorsebatterystaple, but “passwordswedontneednostinkinpasswords” will absolutely do the job.

Other Articles You May Enjoy

CMOs Shouldn’t Buy Tech, Ever!

How Do You See the Future?

The Five Jobs Robots Will Take First

The Five Jobs Robots Will Take Last

Just How Dangerous Is Alexa?

I’d Pay You $500,000 a Year, but You Can’t Do the Work

Machine Learning & AI: When to Start?

Artificial Intelligence: 5 Things Every CEO Should Know

My Banned Words for 2017

The post Passwords: What if Everything You Know Is Wrong? originally appeared here on Shelly Palmer

More Stories By Shelly Palmer

Shelly Palmer is the host of Fox Television’s "Shelly Palmer Digital Living" television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

@ThingsExpo Stories
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DXWorldEXPO LLC announced today that "Miami Blockchain Event by FinTechEXPO" has announced that its Call for Papers is now open. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Financial enterprises in New York City, London, Singapore, and other world financial capitals are embracing a new generation of smart, automated FinTech that eliminates many cumbersome, slow, and expe...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of bus...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
Cloud Expo | DXWorld Expo have announced the conference tracks for Cloud Expo 2018. Cloud Expo will be held June 5-7, 2018, at the Javits Center in New York City, and November 6-8, 2018, at the Santa Clara Convention Center, Santa Clara, CA. Digital Transformation (DX) is a major focus with the introduction of DX Expo within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive ov...
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by FinTechEXPO. ICOHOLDER give you detailed information and help the community to invest in the trusty projects. Miami Blockchain Event by FinTechEXPO has opened its Call for Papers. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Miami Blockchain Event by FinTechEXPO also offers s...
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, examined the regulations and provided insight on how it affects technology, challenges the established rules and will usher in new levels of diligence arou...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, shared examples from a wide range of industries – including en...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Rodrigo Coutinho is part of OutSystems' founders' team and currently the Head of Product Design. He provides a cross-functional role where he supports Product Management in defining the positioning and direction of the Agile Platform, while at the same time promoting model-based development and new techniques to deliver applications in the cloud.
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.