With credential-stuffing making headlines when it comes to certain data breaches – including the recent HSBC breach reported earlier this week – the security community has continued to ponder an age-old question: Who is responsible for effective password hygiene and security measures? The account holder, or the service? And what solutions exist on both ends to promote better security measures?
To find out, Threatpost’s Lindsey O’Donnell speaks with Troy Hunt, a web security expert and the owner of Have I Been Pwned (a data breach search website allowing people to see if their passwords have been compromised), during this week’s Threatpost Podcast.
It’s a well-known fact that most people re-use passwords despite knowing that they shouldn’t, but Hunt believes that the responsibility is shared between the account holders, the organization responsible for the account and the person breaking into the account.
“So by all means, call it victim-blaming if you must, but when applied to making poor security decisions…the responsibility is a shared one,” he said in a Thursday post.
Hunt, who recently said that passwords are never going away despite alternatives being available, sat down with Threatpost to further discuss the issue of responsibility when it comes to creating — and promoting — strong passwords.