News

10:14 AM
Connect Directly
RSS
E-Mail
50%
50%

How To Hack The Password Problem

Though they are often the weakest link, passwords aren't going anywhere anytime soon. Here's how to shore up and manage your organization's passwords

The security industry has been predicting the death of the password for at least a decade. In 2004, even Bill Gates said we would rely less and less on passwords over time. But now it's 2012, and even though Google offers two-factor authentication and World of Warcraft fans can use the Blizzard Authenticator, the majority of the world still relies on a single password to protect their email, banking sites, and computers.

The unfortunate fact is passwords are going to be around for a long time. They are the basic authentication mechanism built into everything from home wireless routers to enterprise mainframes. To really get beyond the traditional password, we would need a new technology that can provide true seamless and secure authentication (and authorization) without requiring the memorization of complex, difficult-to-remember sequences of letters, numbers, and symbols.

We've definitely seen plenty of technologies, such as hardware tokens and biometrics, that have helped with the latter area (memorization), but nothing with the former. We haven't seen any solutions that have been low-cost enough to become pervasive and eliminate the need for passwords. Simply put, we're stuck with passwords because they are easy to use, easy to implement, and cost nothing--except for the inherent risks that come with using something so easy to steal.

In my personal experiences performing penetration tests and responding to security breaches, I see a clear pattern of common password pitfalls that people fall into: password reuse, password sharing, poor password selection, and bad password storage practices.

What's surprising is it doesn't seem to matter whether the users of the passwords are technically savvy. The same mistakes occur among secretaries, network administrators, and even members of the security team.

The most common--and, typically, most damaging--issue is password reuse. Because of the sheer number of business-related and personal passwords that users are required to remember, users regularly use the same passwords on their personal email accounts as they use to log in to their computers at work. Sometimes users will create a small set that they use based on their general purpose, such as "March!82006" for all of their business accounts and "JustinBisCute!" for their personal accounts. The concern is that a compromise of one account puts all of the others at risk as well.

Read the rest of this article on Dark Reading.

When picking endpoint protection software, step one is to ask users what they think. Also in the new, all-digital Security Software: Listen Up! issue of InformationWeek: CIO Chad Fulgham gives us an exclusive look at the agency's new case management system, Sentinel; and a look at how LTE changes mobility. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
GR8Day
50%
50%
GR8Day,
User Rank: Apprentice
5/22/2012 | 4:46:18 PM
re: How To Hack The Password Problem
What makes a good password is having some to back it up like some form of 2FA (two-factor authentication) where you can telesign into your account. It's very important that the leading companies in their respective verticals are giving users the appropriate additional layer of authentication and security for access to accounts and transaction verification without unreasonable complexity.
Bprince
50%
50%
Bprince,
User Rank: Apprentice
4/27/2012 | 11:36:08 PM
re: How To Hack The Password Problem
I use unique passwords for all the important stuff (personal email accounts, Facebook, etc), but the downside is that recently when I changed them, I immediately forgot them (or misspelled the words I used) and was therefore locked out of two of my accounts for 24 hours. :)
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
2014 State of Unified Communications
2014 State of Unified Communications
If you thought consumerization killed UC, think again: 70% of our 488 respondents have or plan to put systems in place. Of those, 34% will roll UC out to 76% or more of their user base. And there’s some good news for UCaaS providers.
Video
Twitter Feed