25 Apr 2006
Poor password policy management is leaving firms open to hacking attacks, a survey published today at Infosec Europe 2006 has warned.
Nearly two thirds of the 500 IT administrators who responded to the poll considered their users' passwords inadequate because they used common dictionary words, names or other weak choices.
Overall, 86 per cent of users used one password for all their sites or a very limited pool of passwords. Over 40 per cent fall into the former category.
"It is madness to use the same password for your banking site as for your football supporters' page," said Graham Cluley, senior technology correspondent at Sophos, which carried out the survey.
"If someone is using key-logging software they could get complete access to all your confidential information. Mistakes like this can be very costly."
A weak password is defined as one that uses either dictionary words, which can easily be broken using a software-led brute-force attack, or recognizable names.
A strong password uses a mixture of upper and lower case letters, numbers and punctuation characters.
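The two definitions above can be combined into a single check, shown here as an added example that is not from the survey or from Sophos: a password is flagged when it lacks any of the four character classes or when it contains a dictionary word or name. The word list and the substitution table that undoes common character swaps are assumptions constructed for illustration.

```python
import string

# Constructed sample list; a real filter would load a full dictionary and name list.
SAMPLE_WORDS = {"password", "football", "arsenal", "michael", "london", "summer"}

# Assumption of this example: undo common character swaps before the lookup,
# so "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans("0134578@$!", "oleastbasi")


def missing_classes(pw):
    """Return the character classes from the 'strong' definition that pw lacks."""
    checks = {
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "punctuation": any(c in string.punctuation for c in pw),
    }
    return [name for name, present in checks.items() if not present]


def dictionary_hits(pw, words=SAMPLE_WORDS):
    """Return listed words or names found in pw, as typed or after undoing swaps."""
    lowered = pw.lower()
    candidates = {lowered, lowered.translate(LEET)}
    return sorted(w for w in words if any(w in c for c in candidates))


def assess(pw, words=SAMPLE_WORDS):
    """Apply both definitions: weak if a class is missing or a listed word appears."""
    missing = missing_classes(pw)
    hits = dictionary_hits(pw, words)
    return {"missing_classes": missing, "dictionary_hits": hits,
            "weak": bool(missing or hits)}


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ["football", "Arsenal2006", "P@ssw0rd!", "tR7#qv9!Lx"]:
        print(sample, assess(sample))
```

A password such as `P@ssw0rd!` has all four character classes yet is still built on a dictionary word, so both checks have to pass before a password is accepted.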
Do you agree?
There is a Solution to Weak/Easily Hacked Passwords
Weak passwords are a HUGE issue that, for some odd reason, hasn't hit the IT Admin mainstream yet. I guess they don't realize that those sophisticated (and EXPENSIVE) firewalls and intrusion detection systems are rendered practically useless if there is a single weak password on their networks. The problem now is that companies are coming up with "Password Recommendations", or policies they have no way to enforce. Instead of making "recommendations", I don't understand why companies don't REQUIRE a strong password. There is a software solution out there called nFront Password Filter that does just that... it REQUIRES strong passwords on Windows domains. With the option to have multiple policies, different users can be assigned different requirements. Along with its built-in dictionary scan and ease of installation, IT Admins can have their networks more secure than ever in a matter of minutes. Now there are no more excuses.
Posted by: Matthew Jacoby 25 Jun 2008
Majority of passwords are very easy to crack
Is it any wonder when employers keep repeatedly asking to renew passwords every 5 mins? Surely one extremely difficult password is more effective than having to dream up new passwords again and again. Individuals, if they felt that they were not being pestered to keep changing insecure passwords, would surely take better care of them if they knew that they were valid for, say, 6 months at a time. Instead of leaving access details for all and sundry to view, encouraging people to use secure passwords and keep the info secure would be a far better situation. I have 3 passwords to access a programme which is accessed throughout the UK. I have to log on to the server, e-mail and the network before I get to the item which I use day in and out. Total overkill! Yes, the individual is the biggest danger, but unless trust is given then insecurity will be the order of the day.
Posted by: IAN McNICOL 25 Apr 2006