BizReport : Internet : May 03, 2013

How we're failing with password security

When it comes to online security, too many people - including people who access websites from work - aren't being careful enough with their passwords. Why does the password system need an overhaul? Read on:

by Kristina Knight

Kristina: Password security has been a buzzed-about phrase for a few years, and yet still it seems like most people ignore it. Why is that?

Bill Carey, Vice President of Marketing/Business Development, Siber Systems: Passwords are absolutely essential to restrict access to valid users. Unfortunately, our list of passwords keeps growing. It's now common for a typical computer user to have 20 to 30 different passwords or more. The main reason people ignore common password security practices is that they cannot remember more than three to five strong passwords at a time. And when users need to change their passwords frequently, it becomes increasingly difficult. Because of the difficulty involved, users often:

• Forget their passwords, which requires numerous calls to the helpdesk to retrieve or reset their passwords.
• Write down their passwords or store passwords in unsecured files on their computer, which reduces the effectiveness of a secure password.
• Rely on the browser, cookies or an unsecured website to remember their passwords.
• Use simple and easy-to-remember passwords that can be compromised without difficulty.
• Recycle and reuse combinations of the same passwords.

Kristina: On a personal level, many people have upgraded their security passwords or questions. Why aren't they also making that change for their professional accounts?

Bill: Many times professional accounts do not have security questions. In a typical corporate setting, the IT department is focused on the password. The company may put into place certain parameters for establishing a strong password such as:

• Passwords must be at least 6-8 characters long.
• Passwords should never be a common word found in the dictionary and should contain at least one letter and one digit. Even stronger passwords should contain at least one punctuation mark or special character.
• Passwords should contain a mix of uppercase and lowercase letters.
• Passwords should be changed every 30 days.

But there is typically no easy way for users to recover their password if it is forgotten. In most cases, the user will have to call the IT department to request a password reset. There is usually no way to do a reset by answering security questions.

More from Bill and Siber Systems tomorrow, including his top tips for overhauling business password plans.

Tags: business security, online passwords, online security, Siber Systems

  • Allan_Simmons

    I'm a big fan of RoboForm, it is great for generating secure passwords but most of all it saves me SO MUCH TIME! I do a lot of online shopping and being able to fill forms automatically is too easy, I will never go back.

  • Skyler Ramirez

    Having come from Lastpass to RoboForm I can see where password concerns come from. After LP had their breach I didn't feel safe at all, switched over to RF and haven't been happier.

  • Jim Nisi

    Great article, I actually use RoboForm to generate more than 8 character passwords for my various sites. Nifty little tool.
