I don’t know how many clients over the last decade I’ve been trying to get this basic fact through their very thick business skulls, but here goes again:
PASSWORDS ARE NOT FREE
PASSWORDS ARE NOT CHEAP
PASSWORDS ARE NOT SAFE
PASSWORDS ARE NOT ACCEPTABLE FOR HIGH VALUE DATA / APPLICATIONS. EVER.
By changing the faulty business decision (passwords) every 24 hours, VHA are sticking their finger in the leaky dyke. They sell mobile phones. They could step up to two-factor / transaction signing with mobiles for CHEAPER than passwords. Especially for them. This is an opportunity for VHA to say – look, we’re leveraging our unique selling point (mobile phone operator) to provide world-class security. Instead, they choose passwords.
Stop using passwords. Their time was done more than 10 years ago, if ever.