In this episode of Beneficial Intelligence, I discuss pseudo-security. The lock on your front door is not secure. It takes an experienced locksmith an average of 7.1 seconds to manually pick an average door lock, and it's even faster with a "pick gun."
If locks are so bad, why don't we have even more burglaries? Because your total security does not depend only on the lock. A would-be burglar has to contend with the risk of somebody being home, neighbors noticing them, a camera on someone else's house recording them, and cops grabbing them and putting them in jail.
Like locks, passwords also do not protect you. At least one of your thousands of users has re-used the company password somewhere else. That means it will end up in one of the large hacker databases where identities can be bought for pennies. Then a hacker can sit comfortably in a basement in Moscow and run software to try thousands of username/password combinations with zero chance of being caught.
In the military, I learned that barbed wire that was not constantly observed was dangerous pseudo-security. You think you are protected, but when the enemy attacks, you will discover that your wire has long since been cut.
Barbed wire cannot stand alone. Your door lock cannot stand alone. Your passwords cannot stand alone. You need to complement password security with two-factor authentication, IP address verification, time restrictions, network segmentation, anomaly detection, and all the other tools in the IT security toolbox. Passwords alone are pseudo-security.
Beneficial Intelligence is a weekly podcast with stories and pragmatic advice for CIOs, CTOs, and other IT leaders. To get in touch, please contact me at firstname.lastname@example.org