When users use bad passwords, bad things happen. But who’s really to blame? The users themselves for creating weak passwords, or the services that allow them to use those passwords in the first place?
Back in December, thousands of Ring camera users had their accounts taken over by hackers, who proceeded to spy on them and terrorize their families and children in the privacy of their own homes.
After conducting an investigation, Ring concluded that its system and network were not breached, and explained that affected users had reused passwords that hackers were able to obtain from other data breaches. Essentially, they blamed the users for reusing passwords.
Many were not too pleased with the company's response, criticizing them for victim-blaming and failing to take responsibility for their own security shortcomings. And so the age-old debate was once again reignited: who’s to blame for bad passwords?
On one hand, companies cannot simply assume that all their users are aware of the importance of good password hygiene and follow cybersecurity best practices. It’s up to them to set restrictions that guide users towards creating stronger passwords and encouraging them to set up two-factor authentication to protect their accounts.
On the other hand, companies can only do so much, and some, like cybersecurity expert Troy Hunt, argue that users must also bear some responsibility for their poor decisions. For example, companies cannot realistically be expected to prevent users from reusing the same password (strong as it may be) across all their various online accounts, and making a hacker's job a hundred times easier.
At the end of the day, the responsibility for creating strong passwords must be equally shared between both parties. Companies must do their best to steer their users in the right direction and educate them, and users must do their best to ensure their own protection and follow recommended best practices.
The easiest way for users to do that would be through a password manager, like Myki, which makes creating unique and complex passwords a piece of cake and even lets you know if any of the passwords you’re using are weak or have been reused.
Download Myki for mobile or desktop and take control of your digital identity.