Passwords and the Human Factor

Passwords have a strange dual nature. The stronger and safer the password, the more likely it will be undermined by human weakness.

It is widely known that passwords are the most common means of access control. It is also common knowledge that passwords are the easiest way to compromise a system. Passwords have two basic functions. First, they allow initial entry to a system. Next, after access, they grant permission to various levels of information. This access can range from public data to restricted trade secrets and pending patents.

The best passwords are a lengthy and complex mix of upper- and lower-case letters, numbers and symbols. People using these formats tend to write them down, store them on a handheld device, and so on, thus destroying the integrity of the password.

The integrity of passwords can be circumvented through "Human Engineering." People can unwittingly make grave errors of judgment in situations that they may view as harmless or even helpful. For example, when a password is shared with a forgetful employee, a system can be compromised. In more ominous cases, a con artist or hacker can phone a naïve employee, pose as a senior executive or help desk staff, and obtain that person's password. People have also been duped by callers claiming emergencies, cajoling or even threatening the employee's job if a password is not provided.

These human lapses can be addressed through employee training and written policies that provide solid guidance and procedures in these circumstances. Training in information security, including password protocols, should be mandatory for every employee of the enterprise. Management support of this training and the security policy is critical to its success. To be effective, training should be repetitive with quarterly reviews of the company policy. There can also be frequent reminders, such as banners, about password security that appear during logons.

Management must not only support security measures but also provide a written and enforced policy statement. These written policies should be developed with assistance from the I.T. department as well as the human resources and legal departments. Written policies should be a part of the employee's introduction to the company and should be reviewed at least twice a year. It is also critical that the employee sign off on the document indicating that they received, read, and understood its contents. Firms that ignore these practices do so at their own risk.

Enforcement is an important partner to training. A policy that is not enforced is far worse than no policy at all. In fact, haphazard enforcement or lack of enforcement can increase a company's liability in many legal actions. To work, a policy must have "teeth." There should be a range of consequences for lapses, whether a single event or multiple or flagrant incidents. These can range from a verbal warning all the way to termination.

In summary, passwords can be kept more secure by recognizing the human factor. Through management initiative, communication and training, as well as written and enforced policies and procedures, companies can have more control over their information assets and keep their clients and partners much safer.

About The Author

Terrence F. Doheny

President, Beyond If Solutions, LLC

www.beyondifsolutions.com

terry@beyondifsolutions.com
