Reply To: How to really convince a client that his passwords need to be far more complicated?

#1211217
cottsak
Member
  • Total posts: 2

Explain that “password reuse” is the primary cause of identity and online account theft.

Then show them how at risk they are by inviting them to plug one or two of their emails into fellow Aussie InfoSec celeb Troy Hunt’s site https://haveibeenpwned.com/ (yes, this is safe to hand over your email to).

Then, when they undoubtedly list as being affected in one or more data breaches, explain that their passwords may be open to the wild of the internet and nefarious actors (this is not FUD – if you’re part of a breach with poorly secured passwords, your password is in fact out in the wild). Ask them if they’re possibly reusing passwords or part-passwords across sites and they’ll soon realise that their current accounts might be accessible to hackers.

This is where you have the “password manager talk”. Suggest well-known products like LastPass or 1Password. Converting more folks to password managers, killing the reuse habit and generally strengthening passwords everywhere (these tools have great features for generating secure passwords), is something we all need to do to protect each other, our families and private data in general.

EDITED to clarify: ask the client to test their email on https://haveibeenpwned.com. Don’t do that on their behalf. Thanks @bb1