Thursday, August 2, 2018
By Paul Carter, Fuel User Group volunteer
Unit 42 is the global threat intelligence team at Palo Alto Networks and believes threat intelligence should be free, shared and available for all. Unit 42’s podcast, titled Don’t Panic, is widely regarded as an engaging and entertaining way to keep up to date with the latest in cybersecurity. We asked Fuel User Group volunteer Paul Carter to listen to an episode on passwords and share his thoughts here. You can learn more about Unit 42 here and listen to the same episode as Paul did here.
I recently listened to Unit 42’s podcast, Don’t Panic, and I found the discussions in the “Passwords” episode (S2E1) very interesting. Unit 42 originally published a podcast on the subject in 2015, and the subject was approached again in 2017. It’s amazing that password management is something that is still being addressed today.
The hosts of the podcast, Rick Howard, chief security officer at Palo Alto Networks, and Ryan Olson, vice president of Unit 42, mentioned password schemes—a personal guide for creating passwords by users. They noted that people who use this method are hesitant to share their password schemes. I agree with users not sharing their password scheme because it is basically a password in itself.
Additionally, Rick and Ryan mention password storage in web browsers. They suggest shying away from this method of storing passwords because the security for this use case in web browsers has always been lacking. I agree with this sentiment, but I prefer to leverage security capabilities from companies that specialize in it, as an add-on.
The point they drive home is the need for and usefulness of password managers. I have seen the utility of password managers in personal and professional settings and agree that these tools make it so much easier to create strong passwords and avoid reusing the same passwords. Other key points for consideration are the security posture of the technology and whether the passwords will be housed publicly or privately. One’s personal comfort level and a company’s regulations may make the decision a singular one.
Lastly, Rick and Ryan highlight an ever-present factor with passwords — people. It’s easy for the average user to want to use the same password, but that is ultimately a huge risk. When it comes to password management, the balance between security and usability is still a constant focus, but one that needs to favor security. This remains a challenge, but it is still worthy of being addressed because the worst-case scenario is creating an environment where users will resort to writing passwords down.
Passwords are one of the biggest protections for our personal data, especially in an age where so much of our lives are online. I’m sure the discussion around passwords is something this industry will continue to talk about, whether it’s two years or 10 years from now — each time in a new light, with new ideas and challenges.
Check out these Fuel blog posts for further reading:
- My Journey to SSL Decryption