What’s in a Password?
Can password combinations put network security at risk?
A recent report* has shown that less than 1% of employee passwords are random sequences, with the majority of workers choosing simple combinations. These can easily be guessed and could therefore put network security in jeopardy. For example, a startling 14% of passwords were found to be as basic as a first name and surname combination (e.g. JohnSmith).
The study also revealed more startling results:
• 8% of passwords contained place names – most included the area where the person lived or was born (LondonUK)
• 14% of passwords were purely numeric and in some cases consisted of consecutive numbers (12345)
• 25% of passwords were random dictionary words (computer)
• Another 8% or so were made up of keyboard patterns, short phrases, words within the email address, and repeating words (asdf, myblackcat, @apple, redred – respectively)
These results provide a concerning insight into how easily the security of networks can be breached, even when password complexity rules are put in place by system administrators. They also highlight the increasingly important role of identity management software in protecting businesses against these risks.
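An added example (not from the report or from Tools4ever): a check run when a password is set that flags the categories listed above, next to a hypothetical complexity rule, showing that JohnSmith and LondonUK satisfy the rule while still matching a category. The word lists, the complexity rule and the user details are constructed assumptions.

```python
import re

# Constructed sample lists (assumptions); a real check would load full ones.
DICTIONARY = {"computer", "black", "cat", "red"}
PLACES = {"london", "uk"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def passes_complexity(password):
    """Hypothetical rule: 8+ characters with upper- and lower-case letters."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password))


def _made_of(text, words):
    """True if text splits completely into entries of words."""
    if not text:
        return True
    return any(text.startswith(w) and _made_of(text[len(w):], words)
               for w in words)


def classify(password, first="", last="", email=""):
    """Return the report's weak-pattern categories that the password matches."""
    p = password.lower()
    names = [n.lower() for n in (first, last) if n]
    email_parts = [t for t in re.split(r"[@.]", email.lower()) if t]
    numeric = re.fullmatch(r"[0-9]+", p) is not None
    # Differences between neighbouring digits: {1} or {-1} means a pure run.
    steps = {int(b) - int(a) for a, b in zip(p, p[1:])} if numeric else set()
    checks = [
        ("name", bool(names) and p in ("".join(names), "".join(names[::-1]))),
        ("place", bool(p) and _made_of(p, PLACES)),
        ("numeric", numeric),
        ("consecutive", steps in ({1}, {-1})),
        ("dictionary", p in DICTIONARY),
        ("keyboard", len(p) >= 4 and any(p in row for row in KEYBOARD_ROWS)),
        ("email", re.sub(r"[^a-z0-9]", "", p) in email_parts),
        ("repeat", re.fullmatch(r"(.+)\1+", p) is not None),
    ]
    return [label for label, hit in checks if hit]


if __name__ == "__main__":
    # The report's own example passwords; the user details are constructed.
    user = {"first": "John", "last": "Smith", "email": "jsmith@apple.example"}
    for pw in ("JohnSmith", "LondonUK", "12345", "computer", "asdf",
               "@apple", "redred"):
        print(pw, passes_complexity(pw), classify(pw, **user))
```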
There are a number of solutions that can be put in place, one of which is two-factor authentication. This requires securing the primary login using a pass-card or biometrics. Users log in by presenting a pass-card/biometric to a reader and entering a PIN code rather than the standard username and password. Combining a pass-card/biometrics and a PIN code ensures a much stronger authentication, minimising the possibility of a network breach.
Tools4ever’s Enterprise Single Sign On Manager (E-SSOM) offers full integration with all common two-factor authentication readers, such as HID, Mifare, Biometrie, Gridtoken, proximity-based devices and RFID readers. E-SSOM offers native integration with the driver software of the (card) reader and links the pass-card ID to the user credentials (username/password) in Active Directory. No additional software is required to create this link, guaranteeing a user-friendly and secure login for all users.
For more information visit http://www.tools4ever.com/products/enterprise-single-sign-on-manager/
*Source: The science of password selection by Troy Hunt