April 14, 2017 By Kat Speer 3 min read

Welcome to “In Security,” the web comic that takes a lighter look at the dark wave of threats crashing across business networks, endpoints, data and users. Get acquainted with the team and catch up by reading Episode 001, Episode 002, Episode 003, Episode 004, Episode 005 and Episode 006


Dylan may think his wall of passwords is a giant leap for cybersecurity, but it’s really just a grave misstep toward disaster. Far be it from us over here at “In Security” to judge our comic protagonist too harshly, but in all seriousness, password security is no laughing matter.

I know what you’re thinking. Actually, you’re probably thinking one of three things:

  1. Psh, a password wall? What gives? Anyone who writes his or her passwords down is asking for it. I know how to protect my personal information with my passwords!
  2. Oh no, I’ve been caught. I write my passwords down in one of those trendy journals with sayings like “Live, Laugh, Love” on them.
  3. How can an agile workspace have so much personality?

I have neither the time nor the expertise to delve into the art of agile work space design, but the old topic of password security in the age of the cloud, social media, big data and analytics is of critical importance.

Familiar Advice

Although most of us have heard about password security, it’s simply human nature to become lax despite the most altruistic of intentions. As financial expert Dave Ramsey put it, life happens. It’s easy to forget about password security, amiright?

Many of us have heard — and have sometimes ignored — traditional password advice. As a reminder, here are some nuggets of wisdom that we all know but sometimes neglect to abide by:

  • Create passwords containing 12 to 16 characters.
  • Don’t use the same password for more than one account.
  • Keep your password weird. That’s right — channel all those quirky thoughts into the creation of your passwords. In the words of the 2012 hit by Macklemore and Ryan Lewis, “Thrift Shop,” don’t use the names of your “grammy, your aunty [or] your momma,” or other common words or phrases that attackers could easily guess. Use a healthy combination of numbers, symbols, uppercase letters, lowercase letters and spaces.
  • Spread the love when it comes to special characters. Rather, spread them throughout your passwords as opposed to slapping a group of them at the beginning or end.

Passwords Petering Out

Passwords, though they may be the industry standard for authentication, are being replaced by other methods that have proven to be safer and smarter. Companies are building multifactor authentication (MFA) methods into their products and offerings to further protect their customers’ identities and personal information.

MFA is a type of access control through which a user is granted access only after presenting several separate pieces of information to prove his or her identity. This information serves as an authentication mechanism.

Types of MFA include one-time passwords (OTPs), where a user is given a password or token that is good for one use only, and two-factor authentication (2FA), where a combination of components confirms the user’s identity. The information used in these processes falls into one of three categories.

  • Knowledge: Something only the user would know, such as a password or PIN number;
  • Possession: Something a user has, such as an OTP token or QR code; and
  • Inherence: Biometric forms of identification, such as fingerprint readers, voice authentication or retina scans.

IBM Takes On Password Security

For the third consecutive year, Gartner named IBM Security a leader in the Identity Governance and Administration space, and for good reason. Products such as IBM Security Access Manager help organizations secure and manage user access and protect applications against fraudulent and unauthorized access. An exciting add-on is the IBM Verify application, which adds an extra later of security to your online services by using two-step verification. It is available in the App Store like all cool apps are.

Do as I say, and not what our pal Dylan does. Be smart when it comes to password storage and add additional authentication mechanisms to your identity protection portfolio. Be vigilant in protecting your online identity.

More from Identity & Access

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today