April 14, 2017 By Kat Speer 3 min read

Welcome to “In Security,” the web comic that takes a lighter look at the dark wave of threats crashing across business networks, endpoints, data and users. Get acquainted with the team and catch up by reading Episode 001, Episode 002, Episode 003, Episode 004, Episode 005 and Episode 006.


Dylan may think his wall of passwords is a giant leap for cybersecurity, but it’s really just a grave misstep toward disaster. Far be it from us over here at “In Security” to judge our comic protagonist too harshly, but in all seriousness, password security is no laughing matter.

I know what you’re thinking. Actually, you’re probably thinking one of three things:

  1. Psh, a password wall? What gives? Anyone who writes his or her passwords down is asking for it. I know how to protect my personal information with my passwords!
  2. Oh no, I’ve been caught. I write my passwords down in one of those trendy journals with sayings like “Live, Laugh, Love” on them.
  3. How can an agile workspace have so much personality?

I have neither the time nor the expertise to delve into the art of agile workspace design, but the old topic of password security in the age of the cloud, social media, big data and analytics is of critical importance.

Familiar Advice

Although most of us have heard about password security, it’s simply human nature to become lax despite the most altruistic of intentions. As financial expert Dave Ramsey put it, life happens. It’s easy to forget about password security, amiright?

Many of us have heard — and have sometimes ignored — traditional password advice. As a reminder, here are some nuggets of wisdom that we all know but sometimes neglect to abide by:

  • Create passwords containing 12 to 16 characters.
  • Don’t use the same password for more than one account.
  • Keep your password weird. That’s right — channel all those quirky thoughts into the creation of your passwords. In the words of the 2012 hit by Macklemore and Ryan Lewis, “Thrift Shop,” don’t use the names of your “grammy, your aunty [or] your momma,” or other common words or phrases that attackers could easily guess. Use a healthy combination of numbers, symbols, uppercase letters, lowercase letters and spaces.
  • Spread the love when it comes to special characters. That is, distribute them throughout your passwords as opposed to slapping a group of them at the beginning or end.
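As an added illustration (not part of the original article), here is one way to turn the per-password items in this list into an automated check. The word list is a tiny constructed stand-in for a real dictionary, and the function and label names are hypothetical. Reuse across accounts cannot be judged from a single password, so it is not checked here.

```python
# Assumption: a tiny constructed stand-in for a real common-password/dictionary list.
COMMON_WORDS = {"password", "grammy", "aunty", "momma", "qwerty", "letmein"}
MIN_LEN, MAX_LEN = 12, 16  # length range given in the list above


def is_special(ch):
    """Treat anything that is not a letter or digit (spaces included) as special."""
    return not ch.isalnum()


def check_password(pw):
    """Return the advice items (hypothetical labels) that a candidate violates."""
    problems = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append("length")
    has_all_classes = (
        any(c.isdigit() for c in pw)
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(is_special(c) for c in pw)
    )
    if not has_all_classes:
        problems.append("character-mix")
    lowered = pw.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("common-word")
    # "Spread the love": find the interior left after trimming the runs of
    # special characters at both ends, then require a special inside it.
    start, end = 0, len(pw)
    while start < end and is_special(pw[start]):
        start += 1
    while end > start and is_special(pw[end - 1]):
        end -= 1
    has_special = any(is_special(c) for c in pw)
    if has_special and not any(is_special(c) for c in pw[start:end]):
        problems.append("clustered-specials")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ("momma2017", "Holidaytrip17!!", "Ho!iday tr1p#17x"):
        print(repr(candidate), check_password(candidate))
```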

Passwords Petering Out

Passwords, though they may be the industry standard for authentication, are being replaced by other methods that have proven to be safer and smarter. Companies are building multifactor authentication (MFA) methods into their products and offerings to further protect their customers’ identities and personal information.

MFA is a type of access control through which a user is granted access only after presenting several separate pieces of information to prove his or her identity. This information serves as an authentication mechanism.

Types of MFA include one-time passwords (OTPs), where a user is given a password or token that is good for one use only, and two-factor authentication (2FA), where a combination of components confirms the user’s identity. The information used in these processes falls into one of three categories.

  • Knowledge: Something only the user would know, such as a password or PIN;
  • Possession: Something a user has, such as an OTP token or QR code; and
  • Inherence: Biometric forms of identification, such as fingerprint readers, voice authentication or retina scans.
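To make the knowledge and possession categories concrete, the following added example (not from the original article and not IBM product code) checks a password together with a counter-based one-time password. It assumes HOTP as defined in RFC 4226 for the OTP and PBKDF2 for password storage; the `Account` class and its fields are hypothetical.

```python
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Account:
    """Hypothetical server-side record holding both factors for one user."""

    def __init__(self, password, otp_secret, salt):
        self.salt = salt
        self.pw_hash = self._kdf(password)  # knowledge factor, stored hashed
        self.otp_secret = otp_secret        # possession factor, shared with the token
        self.counter = 0                    # next unused HOTP counter value

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, otp, window=3):
        """Grant access only if BOTH factors verify."""
        knows = hmac.compare_digest(self._kdf(password), self.pw_hash)
        has = False
        # Small look-ahead window in case the token was pressed without logging in.
        for c in range(self.counter, self.counter + window):
            if hmac.compare_digest(hotp(self.otp_secret, c).encode(), otp.encode()):
                self.counter = c + 1  # burn the code: it is good for one use only
                has = True
                break
        return knows and has


if __name__ == "__main__":
    # Constructed sample values; a real deployment uses random secrets and salts.
    acct = Account("correct horse", b"12345678901234567890", b"constructed-salt")
    code = hotp(b"12345678901234567890", 0)
    print(acct.login("correct horse", code))  # first use succeeds
    print(acct.login("correct horse", code))  # replay of the same code fails
```

A matching code is burned even when the password is wrong, so an observed code cannot be retried later with a guessed password.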

IBM Takes On Password Security

For the third consecutive year, Gartner named IBM Security a leader in the Identity Governance and Administration space, and for good reason. Products such as IBM Security Access Manager help organizations secure and manage user access and protect applications against fraudulent and unauthorized access. An exciting add-on is the IBM Verify application, which adds an extra layer of security to your online services by using two-step verification. It is available in the App Store like all cool apps are.

Do as I say, and not what our pal Dylan does. Be smart when it comes to password storage and add additional authentication mechanisms to your identity protection portfolio. Be vigilant in protecting your online identity.
