“People aren’t machines. People don’t have perfect recall.”: Why it’s time to get realistic about passwords and people

Sometimes the art that we create tells us more about who we really are than all of the academic, journalistic, and educational materials that purport to describe real life. When fifteen-year-old video games do a better job of explaining our day-to-day corporate security challenges, it’s an indictment of our ability as security professionals to solve people’s problems.

You’ve probably heard the phrase “art imitates life.” That idea came up during a lazy family evening last month when my oldest noticed a classic video game was on sale in the Sony PlayStation store: Id Software’s beloved Doom 3 from 2004. My kid quipped, “Only $4.99? I’d be a fool to not buy it!” So he did. He played through it an hour or two at a time in his evenings after work. Money well spent in two regards: first, he had a blast playing a retro title, and second, it reinforced a valuable lesson regarding practical cybersecurity.

