How to overcome weak passwords


The importance of setting strong passwords is hammered into us every week. We visit websites whose registration forms tell you how secure your chosen password is. We hear about it on the news. We see it in the emails we get every few months reminding us to update our passwords. So you'd have thought by now that most people use somewhat strong passwords, right? Unfortunately that's just not the case, and it's quite likely that insecure passwords are some of the largest vulnerabilities that exist in your organisation.
Let's take a look at Adobe's data breach. It was a widely reported security disaster in which ~150 million encrypted passwords were leaked, creating one of the biggest crossword puzzles of all time. It didn't take long for people to start trying to crack it, and in no time at all a list of the 100 most commonly used passwords was released. Of the 150 million leaked passwords, 1.9 million were "123456", 450 thousand were "123456789" and 350 thousand were the famous "password". In total, 5.96 million of the leaked passwords were in this top 100 list. About 4%.

Now, if people are doing this with their online accounts, what about their computer passwords? Company email credentials? Intranet login details? Accounting software logins... It doesn't take much for an attacker to test 100 common passwords against a few hundred employees. How long will it be until they find a match and compromise your systems? Not long.

What's an organisation to do about it, though? Weak passwords are a lot like the flu of information security: a persistent problem that we don't seem to be very good at solving. Lots of promising options have so far been slow to replace passwords, but there are a few reasonable options available to organisations.
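The frequency analysis behind the top-100 figures above, and the screening check an organisation can build from it, as an added Python example (not from the original post; it runs on a small constructed corpus rather than the Adobe data, and the normalisation rule is a simple stand-in for the variants attackers also try):

```python
from collections import Counter

# Constructed sample corpus standing in for a leaked password list.
SAMPLE_CORPUS = (
    ["123456"] * 19 + ["123456789"] * 5 + ["password"] * 4
    + ["qwerty"] * 3 + ["letmein"] * 2
    + ["c0rrect-horse-battery", "Tr0ub4dor&3", "zx9!Lm2q",
       "summer2013", "adobe123"]
)


def most_common(corpus, n=100):
    """The n most frequent passwords as (password, count) pairs."""
    return Counter(corpus).most_common(n)


def coverage(corpus, top_n=100):
    """Fraction of the corpus made up of its top_n passwords.

    For the breach discussed above this was 5.96M / 150M, about 4%.
    """
    hits = sum(count for _, count in most_common(corpus, top_n))
    return hits / len(corpus)


def normalise(password):
    """Fold case and trailing digits/symbols so 'Password2019!' hits 'password'."""
    lowered = password.lower()
    stripped = lowered.rstrip("0123456789!@#$%^&*.")
    return stripped or lowered   # all-digit values such as '123456' stay intact


def build_denylist(corpus, top_n=100):
    """Normalised set of the top_n passwords, usable as a screening list."""
    return {normalise(pw) for pw, _ in most_common(corpus, top_n)}


def is_acceptable(candidate, denylist, min_length=12):
    """Policy check: reject short passwords and anything on the denylist."""
    if len(candidate) < min_length:
        return False
    return normalise(candidate) not in denylist


if __name__ == "__main__":
    deny = build_denylist(SAMPLE_CORPUS, top_n=5)
    print(f"top-5 coverage: {coverage(SAMPLE_CORPUS, 5):.1%}")
    for pw in ("Password2019!", "correct horse battery staple"):
        print(pw, "->", "accepted" if is_acceptable(pw, deny) else "rejected")
```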
1. Single Sign-on
Single sign-on is all about reducing the number of places your employees need to log in, combining systems so that one remembered password is enough. This means that all employees can use one secure password for their single sign-on login and not have to worry about any others, resulting in more secure password choices. The great thing about single sign-on is that it simultaneously improves productivity. Employees spend less time trying to remember usernames and passwords and phoning up IT, and more time doing their job. Of course, single sign-on isn't without its risks. If an employee's main password is compromised, all of the systems they can access are compromised. This means that educating employees on secure password best practices is vital.
2. Biometrics
Biometrics are taking off slowly, but offer an excellent opportunity for organisations to eliminate passwords altogether. There are still issues: for example, Lenovo's ThinkPads had fingerprint scanners for authentication that were great for a while, but once the sensors got dirty it took countless swipes to gain access, and caused a whole load of user frustration. That's far from perfect. One promising area in biometrics is voice recognition tools. There's some impressive technology around, like Nuance's voice biometrics solution, that allows employees to authenticate themselves with their voice.

3. Bringing it Together With Two-Factor Authentication
Perhaps the most favoured way to improve password security is to combine more than one authentication method. If you're going to use single sign-on with a password, combine it with a second method of authentication. For example, when someone signs in, send a text message to their mobile phone with a unique number they need to input to log in for that particular session. Another two-factor option is to combine a single sign-on password with biometrics. How about having users use voice authentication in addition to their password? Two-factor authentication makes life much harder for attackers. It's a much bigger challenge to acquire both someone's password and full access to their mobile phone, or a password and their voice for authentication. So don't let password security get swept under the rug. Think about how your company manages employee passwords, and what can be done to improve the situation. It's too big an issue to be ignored.

Mr. Manoj Kumar
Assistant Professor
Computer Science Engineering
