PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Passwords Cartoon – Security Awareness Training

Cartoon Passwords - TeachPrivacy Security Awareness Training 01

Here’s a cartoon I created to illustrate the importance of security awareness training.  I hope you find it amusing.

What Can We Learn From Bad Passwords?

By Daniel J. Solove The SplashData annual list of the 25 most widely used bad passwords recently was posted for passwords used in 2015.  The list is compiled annually by examining passwords leaked during a particular year.  Here is the list of passwords for 2015, and below it, I have some thoughts and reactions to […]

Should the FTC Kill the Password? The Case for Better Authentication

Co-authored by Professor Woodrow Hartzog. Authentication presents one of the greatest security challenges organizations face. How do we accurately ensure that people seeking access to accounts or data are actually whom they say they are? People need to be able to access accounts and data conveniently, and access must often be provided remotely, without being […]

Troublesome Password Practices and the Need for Data Security Training

By Daniel J. Solove A recent study by TeleSign revealed that many people engage in some troublesome password practices. Some of the most alarming findings from the report include: — 73% of accounts use duplicate passwords. — Nearly half of consumers have a password they haven’t changed in 5+ years — “Consumers have an average […]

The Worst Password Ever Created

by Daniel J. Solove People create some very bad passwords. In the list of the most popular passwords of 2014, all of them are terrible. Just look at the top 10: 123456 password 12345 12345678 Qwerty 123456789 1234 baseball dragon football

The $500,000 Value of Data Security Awareness Training

by Daniel J. Solove It has long been difficult to quantify the ROI of data security awareness training. But finally, I have been able to locate a number. According to a 2014 PricewaterhouseCoopers study: “The financial value of employee awareness is even more compelling. Organizations that do not have security awareness programs—in particular, training for […]