These days security is always front and center. It seems like every week brings us new news on how our government is spying on our communications, how hackers got into a new company and how supposedly private information is readily available through your search engine of choice. Never has more of our private information been available to those who desire it.
But this is not a reason to give up on security in general. Your password strength does matter. How you select usernames is important. How you design your site’s security matters.
Take a look and you will find that each of the sites that you use has different ways of handling security. Some hand-off credentials between services, some are self-contained, some don’t allow special characters in passwords, and still others won’t let you have passwords over 8 characters (while others require more than 8). Let’s just simplify and say there aren’t standards.
The key good security in this world is having a thought through policy. Passwords do not have to be changed every 90 days to make them more secure (in fact I would argue that this policy often makes passwords less secure). Ultimately security starts with your infrastructure. If we’ve seen anything, poorly created infrastructure is the single biggest weakness to most hacks. Your actual user security is a front-end – no matter how good it is someone can still get in from behind.
Thoughtfulness is a key to many things but is paramount for security. Getting the basics right will often be good enough if everything is setup right. From there you can enhance and improve. Security is only as strong as the weakest link.