Friday, October 12, 2018

Passwords don't make everything more secure

Thanks to Bloorjack Horseman for reminding me of this problem. Though I haven't encountered it (yet) with Adobe Reader (probably because I use something else to view PDFs), I have seen needless sign-in requirements added to other things, like Visual Studio.

You might think that forcing you to log into an app makes it more secure. Taken to an absurd extreme, you might even think this would solve the problem of software vulnerabilities, because PoC exploits wouldn't even be able to pop CALC.EXE without knowing the right password.

But here's the paradox - the more things that require passwords, the more people will get burned out from entering passwords, and ultimately the more it will encourage people not only to use simple passwords but also to reuse them everywhere.

Adding sign-in requirements to things that could (and for a long time did) work perfectly well without them is just going to exacerbate the password problems we're already struggling with. It will make security worse, not better.