Passwords Are Broken. What Now?

On Saturday, The New York Times was brave enough to say what we all know: Passwords are inherently insecure. And this insecurity can't be blamed on the users who write passwords down and post them on their computer monitors, use one of the common passwords, or don't change their passwords often enough. Even if users followed these basic rules, passwords still wouldn't work because the log-on procedure itself is risky due to phishing, keystroke logging, and other security threats.

While the article suggests using an alternative that depends on cryptography instead of mnemonics, currently it looks like there isn't a good solution for this problem. (For those of you who are suggesting biometrics, fingerprints aren't as secure as you would think: Burn Notice taught me that a copy of the fingerprint is left on the scanner and can be pulled off with Play-Doh to be used again.)

Since it looks like it will be a while until there is an accepted replacement for passwords, I've pulled together some resources to help you educate your users about password security.

MLSA's Use of Project Management Software Highlighted

Montana Legal Services Association was highlighted in a recent Idealware article. Written by Michelle Murain (whom you can follow on Twitter) and Laura Quinn, the article discusses three project management software packages (Basecamp, Central Desktop, and Trac) and how they have been implemented by three different non-profits. The article is a quick read that gives concrete ideas for how to use the software, as well as what the organizations have found to be useful and not so useful. - K