Password Managers – An Ethical Requirement?

2/4/2020

In the article Your Pa$$word Doesn't Matter the author Alex Weinert says “ – your password, in the case of breach, just doesn’t matter – unless it’s longer than 12 characters and has never been used before – which means it was generated by a password manager”. The article goes on to note “your account is more than 99.9% less likely to be compromised if you use MFA”. This introduces a clear ethical issue for anyone not using a password manager and MFA (multi-factor authentication). Consider the following questions in relation to the five fundamental principles of ethics:

Professional Behaviour

Are the steps you take to protect the information entrusted to you an indicator of your professional behaviour?

Integrity and Due Care

Do you have an ethical requirement to take the necessary steps to ensure the integrity and Due Care of data?

Professional Competence

Do you have the professional competence to implement security over your organizations data?

Confidentiality

Is your organization maintaining the confidentiality of data?

Objectivity

Is your organization able to remain objective when assessing the risks of a data breach?

As you answer the questions consider if a competent and objective outsider may be needed by your organization to properly assess the risks and aid with the policy and procedural changes required.

As we apply the five fundamental principles of Ethics it will become clear to some that using password managers and MFA is an ethical requirement.

For others they do not see a password manager and MFA as an ethical requirement. Opinions on what is ethical behaviour and was is not is often diverse. If your organization is not using password managers and MFA hopefully this will start the conversation.

0 Comments

Authors

Ward Blatch
Ward provides consulting and training services as the Managing Director of K2E Canada Inc. He joined K2E Canada in 2005 and is responsible for the Canadian operations of this international consulting group, which provides professional development technology education for accountants across Canada and the US. Ward lives in rural Nova Scotia and can be reached at ward@k2e.ca.

Alan Salmon
Alan Salmon is recognized as Canada’s leading analyst in the area of accounting technology. He has nearly 35 years of business, management systems, education and journalism experience, has a degree in Science and an Advanced Teaching Certificate from the University of Toronto. Alan has now retired from teaching and lives in Brampton, Ontario with his wife Nancy. He can be reached at alan@k2e.ca

Tommy Stephens
Tommy is one of the shareholders in K2 Enterprises, affiliating with the Firm in 2003 and joining as a shareholder in 2017. At K2, Tommy focuses on creating and delivering content and is responsible for many of the Firm's management and marketing functions. Tommy resides in the metro Atlanta area. You may reach him at tommy@k2e.com.

Randy Johnson
Randy is a nationally recognized educator, consultant, and writer with over 40 years experience in Strategic Technology Planning, Accounting Software Selection, Paperless, Systems and Network Integration, Business Continuity and Disaster Recovery Planning, Business Development and Management, Process Engineering and outsourced managed services. Randy can be reached at randy@k2e.com

RSS Feed