Telling the truth about SME life today

What’s in a password Your staff may as well broadcast credentials to the world

Share on facebook
Share on twitter
Share on linkedin
Share on email

“Whats in a name is the oft mentioned and overly famous line muttered passionately by Shakespeares Juliet Capulet to her star-crossed lover Romeo Montague.

A name is an artificial and meaningless convention, she says; she loves the person who is called Montague,” not the Montague name and not the Montague family.

Really, what is in a name Would a rose or dirt or a soliloquy do the same thing if each contained a different name

What about password Is a password nothing more than a name or number of meaningless characters truncated on the screen and required to ensure the safety of the user

Or, are passwords merely artificial and meaningless conventions, like names, which Shakespeare so eloquently romanticised  

Can these names (password combinations) put network security at risk According to a somewhat recent (2011) report, passwords of employees are highly predictable, and, frankly, pretty easy to breach. The names,” therefore, are pretty easy to guess. 

Thus, unfortunately, only one per cent of employee passwords are random sequence, and seem to true carry the moniker of their namesake a true password. Most workers simply pick some relatively easy combinations of alphanumeric combinations that are traditional to them or easy to remember and pretend they are passwords.

Might as well broadcast their credentials to the world for all they do to put some effort into creating them. In laymen terms, most people usually use the same passwords for many, many user accounts, and these can easily be deciphered.

Therefore, the passwords they use are little more than bits of easily digested information that only claim to be a password in name alone; they are usually meaningless, of little good. As such, they place a networks security at risk. 

Though it may be startling, millions (probably billions) of passwords exist merely as straw men. They divert the argument from the real problem and cover up the fact that most users have passwords simply to solve the problem of producing some name or term to get what they want out of the systems they must access. Proof is this is that a whopping 14 per cent of passwords found are as basic as a first name and surname combination: e.g, JohnSmith

Taking a look a more recent government survey, from October 2014, three quarters of Britons, for example, use passwords that are not secure, including the use of their pet’s name, their own place of birth or something related to a favourite sports team. 

The findings showed the most popular passwords are Password and 123456. Not real passwords in the definition of the term.

Read more on security and hacking:

This data varies little from the 2011 data that stated eight per cent of passwords contained place names, most included the area where the person lived or was born (LondonUK?); 14 per cent of passwords were purely numeric and in some cases consisted of consecutive numbers ( £12345?); and 25 per cent of passwords were random dictionary words (computer ).

Another eight percent or so were made up of keyboard patterns, short phrases, words within the email address and repeating words (asdf, myblackcat, @apple, redred).

 Simply put, dont do this. 

Use different passwords across sites, and ensure that each of them contains different characters and they are not easily guessed. 

The results of these and other surveys provide concerning insight into how easily networks can be breached even when password complexity rules are put in place by system administrators.

These results also highlight the increasingly important role that identity and access management solutions are now playing in protecting businesses and organisations of all types against these risks, brought on by their employees and poor password protocols. 

As organisations continue to seek ways to pass on the password, they are beginning to find the value in enterprise solutions that can better, and automatically, manage these issues. For example, two-factor authentication requires securing the primary login using a pass card or biometrics.

Thus, users log-in by presenting a pass card/biometric to an electronic reader and entering a PIN code rather than the standard username and password. Combining a pass-card/biometrics and a PIN code ensures a much stronger authentication, minimising the possibility of a network breach. 

Or, still other solutions simplify the process further by deploying an enterprise single sign-on manager that offers full integration with all common two-factor authentication readers, proximity-based devices and RFID readers.

One login means employees only must login on account and all others are opened when needed during the session. And, before you begin to suggest that one password is less secure than many, remember that the more passwords have to remember them so they likely write them down and store them near or around their computer. With only one credential to remember, people are less likely to store it insecurely.

In such a case, the password will really be a password, in more than name, indeed.

Robert Doswell is managing director of Tools4ever UK, part of the worldwide provider of identity and access management solutions.

Trending

Topic

Share on facebook
Share on twitter
Share on linkedin
Share on email

Related Stories

More From

Trending

If you enjoyed this article,
why not join our newsletter?

We promise only quality content, tailored to suit what our readers like to see!