Editor's Blog and Industry Comments

Trivial password usage remains high despite changing IT threats

09 October, 2007
A recent McAfee survey revealed that the proliferation of password requirements has led to more people using the same password for everything, and the choice of password isn't always up to what it should be.
In the late 80s when the height of removable media technology was the innovative reduction in size and floppiness of the 5.25in disk to a much more pocketable 3.5in and viruses were just an excuse to take a day off work, the office where I worked had a very forward-thinking IT administrator who forced us to change passwords every month and built in some code that prevented us from recycling old ones. After a couple of months of carefully recording our new passwords in our desk diaries so we wouldn't forget them, one particular departmental bright spark shared his idea of beating this terrible and intrusive system. From that moment, everyone in the department used the same formula for generating a new password between 6 and 8 letters… april87, mayyy87, junee87 and so on.

In today's environment, this would be laughable, wouldn't it? Well, it wasn't considered particularly secure then either but now the threat is much higher. Despite this, McAfee's recent password survey revealed a situation which in some ways is even worse with 41% of the British never changing their passwords at all and 16% using the same password to access everything. This last one is particularly worrying since there are many instances where some sites ask for registration details to collect demographics about who is using the site. Sometimes, they ask for a password but this is just a field on a form which is unencrypted and easily compromised. If you have an all-for-one and one-for-all attitude to passwords, this single form can compromise your entire system of access to everything.

What did McAfee find out about the actual passwords used? Mother's maiden name, pet's name and favourite football team were all in the top five which are fairly bad but I've heard worse including surname and date of birth, children's name and my favourite, bank card PIN number based on the amazing logic that this is both secret and memorable – things start to become clearer why the identity thieves have such an easy life.

The problem that we all face of course is that we need to enter passwords and PIN numbers for everything and so if we have to keep changing them and thinking up original, hard to crack combinations of letters, cases and numbers, how do we keep track of them all and remember what to use for which application? It's true that this is a dilemma, which is why so many people think up one "uncrackable" password and then use it for everything. However, there are alternatives. One option is to use password safes, encrypted vaults to keep all this knowledge, but my own preference is to march on with new technology and start using dual authentication methods like the on-line banks use or biometrics. There are biometric providers offering low cost access control products for computers, mobile phones and even cars using either a camera or a fingerprint scanner. Couple that to a password and the chances of unauthorised access shrink to almost nothing.
