Are Users at Fault for Weak Passwords? by mrosenquist

View this thread on: hive.blog | peakd.com | ecency.com

security · @mrosenquist · Sep 6 '18

$0.96

Are Users at Fault for Weak Passwords?

![Admin.png](https://cdn.steemitimages.com/DQmSiYBYaNnrZmNNzUcoZiFoGXLFVJym4CVt9b16qFbfuST/Admin.png)

Story Source: https://www.bleepingcomputer.com/news/security/vodafone-tells-hacked-customers-with-1234-password-to-pay-back-money/

Scratching my head wondering why a system administrator who defines and enforces the security policy is blaming it's users for weak passwords? 

Service owners can set the minimum criteria for password strength, complexity, and expiration. They can also test users choices against lists of known common passwords. If there are unacceptable risks, additional services can be included to protect access, such as change notifications, login-tracking communications, and Multi-Factor Authentication (MFA) mechanisms. 

If you built and oversee the system, why would you vilify those who operate within the acceptable parameters you have defined?

👍 mrosenquist, sesises, alaqrab, matt-a, the-alien, jacobite, guiltyparties, bitshares101, ultimus, gikitiki, miscellaneous, s1crypt, mchavarriaot, cupofcoco321, goblu96, mauricemikkers, hdu, thetroublenotes, jhoni, benjemar, magic8ball

`author`	mrosenquist
`permlink`	are-users-at-fault-for-weak-passwords
`category`	security
`json_metadata`	{"tags":["security","news","technology","password","hack"],"image":["https://cdn.steemitimages.com/DQmSiYBYaNnrZmNNzUcoZiFoGXLFVJym4CVt9b16qFbfuST/Admin.png"],"links":["https://www.bleepingcomputer.com/news/security/vodafone-tells-hacked-customers-with-1234-password-to-pay-back-money/"],"app":"steemit/0.1","format":"markdown"}
`created`	2018-09-06 23:41:57
`last_update`	2018-09-06 23:41:57
`depth`	0
`children`	5
`last_payout`	2018-09-13 23:41:57
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.746 HBD
`curator_payout_value`	0.211 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	876
`author_reputation`	178,128,965,781,896
`root_title`	"Are Users at Fault for Weak Passwords?"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	70,551,283
`net_rshares`	906,791,289,459
`author_curate_reward`	""

properties (23)vote details (21)

voter	rshares	pct
the-alien	24,097,607,244	100%
mauricemikkers	648,146,319	100%
matt-a	47,027,628,521	1%
bitshares101	15,371,489,000	20%
gikitiki	11,352,828,117	25%
mrosenquist	374,479,066,789	100%
mchavarriaot	1,805,160,154	100%
goblu96	1,051,882,722	100%
ultimus	12,914,157,156	100%
alaqrab	48,853,258,218	100%
cupofcoco321	1,435,080,674	100%
sesises	321,256,680,144	100%
miscellaneous	3,687,645,149	100%
benjemar	229,302,578	100%
guiltyparties	16,088,282,882	100%
jacobite	23,506,439,787	100%
thetroublenotes	290,239,239	1.5%
s1crypt	2,071,220,638	100%
magic8ball	50,804,463	33%
jhoni	279,023,479	100%
hdu	295,346,186	2%

@goblu96 · Sep 7 '18

$0.40

i agree with you, password strength is an administrator setting (and has been for a significant period of time).  If you allow weak passwords, there is no way you can blame the users.

👍 mrosenquist, cheneats, sou1iane

`author`	goblu96
`permlink`	re-mrosenquist-are-users-at-fault-for-weak-passwords-20180907t130122847z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2018-09-07 13:01:24
`last_update`	2018-09-07 13:01:24
`depth`	1
`children`	0
`last_payout`	2018-09-14 13:01:24
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.298 HBD
`curator_payout_value`	0.097 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	183
`author_reputation`	895,122,805,291
`root_title`	"Are Users at Fault for Weak Passwords?"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	70,604,208
`net_rshares`	374,877,208,085
`author_curate_reward`	""

properties (23)vote details (3)

voter	rshares	pct
mrosenquist	374,479,066,789	100%
sou1iane	75,097,135	2%
cheneats	323,044,161	1.5%

@jacobite · Sep 6 '18

$0.08

The users are not to be blamed in the Vodafone case.

Now queries and filters can be defined for passwords acceptance. 

Even now auto-generated password is the order of the day

👍 mrosenquist

`author`	jacobite
`permlink`	re-mrosenquist-are-users-at-fault-for-weak-passwords-20180906t235636024z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2018-09-06 23:56:39
`last_update`	2018-09-06 23:56:39
`depth`	1
`children`	0
`last_payout`	2018-09-13 23:56:39
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.058 HBD
`curator_payout_value`	0.018 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	177
`author_reputation`	7,207,277,127,041
`root_title`	"Are Users at Fault for Weak Passwords?"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	70,552,153
`net_rshares`	73,023,418,023
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
mrosenquist	0 B		73,023,418,023	20%

@magic8ball · Sep 6 '18

To the question in your title, my Magic 8-Ball says:<blockquote>Without a doubt</blockquote><hr>*Hi! I'm a bot, and this answer was posted automatically. Check [this post out](https://steemit.com/introduceyourself/@magic8ball/introducing-the-magic-8-ball-bot) for more information.*

properties (22)

`author`	magic8ball
`permlink`	20180906t234204045z
`category`	security
`json_metadata`	{"tags":["test"],"app":"steemjs/examples"}
`created`	2018-09-06 23:42:03
`last_update`	2018-09-06 23:42:03
`depth`	1
`children`	0
`last_payout`	2018-09-13 23:42:03
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	282
`author_reputation`	-271,108,124,950
`root_title`	"Are Users at Fault for Weak Passwords?"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	70,551,289
`net_rshares`	0

@mchavarriaot · Sep 8 '18

$0.38

They're supposed to pay back $ after their accounts were hacked? How does that make any sense?

👍 mrosenquist

`author`	mchavarriaot
`permlink`	re-mrosenquist-are-users-at-fault-for-weak-passwords-20180908t060300856z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2018-09-08 06:03:03
`last_update`	2018-09-08 06:03:03
`depth`	1
`children`	0
`last_payout`	2018-09-15 06:03:03
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.371 HBD
`curator_payout_value`	0.004 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	94
`author_reputation`	617,296,971,735
`root_title`	"Are Users at Fault for Weak Passwords?"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	70,672,260
`net_rshares`	361,372,299,451
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
mrosenquist	0 B		361,372,299,451	100%

@ultimus · Sep 7 '18

$0.40

Many years ago when there weren't admin tools to define password requirements and check against common hashes, but nowadays system owners literally define and have great control over what is acceptable.   I can't blame the user as they will follow what is most convenient and acceptable.

👍 mrosenquist, miscellaneous, goblu96

`author`	ultimus
`permlink`	re-mrosenquist-are-users-at-fault-for-weak-passwords-20180907t005129482z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2018-09-07 00:51:33
`last_update`	2018-09-07 00:51:33
`depth`	1
`children`	0
`last_payout`	2018-09-14 00:51:33
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.396 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	287
`author_reputation`	6,664,676,750,516
`root_title`	"Are Users at Fault for Weak Passwords?"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	70,555,641
`net_rshares`	375,255,205,267
`author_curate_reward`	""

properties (23)vote details (3)

voter	rshares	pct
mrosenquist	370,734,276,121	100%
goblu96	1,036,104,481	100%
miscellaneous	3,484,824,665	100%