Five Tips for Keeping Passwords Safe
Check out the key issues your users should always be aware of when it comes to password security.
Passwords are often thought of as the first line of defense in data security, but there certainly seems to be a lot of discussion lately on their overall usefulness. Last month, for example, I talked about the validity of the age-old wisdom of changing passwords on a regular basis, where Roger Thompson, chief research officer at AVG Technologies told me:
I think it's absolutely pointless telling people to change their password every month. I also disagree with the idea about never writing your password down. This sort of advice made sense when people only logged in to one or two places, like the corporate network, and maybe an e-mail address somewhere.
Yesterday, the New York Times published an article that reported on a study by researchers at the University of Cambridge in England that found password-protected Web sites revealed a lack of standards across the industry that harms end-user security. The problem? Using the same password on low-security sites as on high-security sites. According to the article:
Attackers can use low-security Web sites such as news outlets to figure out passwords associated with certain e-mail addresses, and then use those passwords to access accounts at higher-security sites such as e-commerce vendors.
The researchers, Joseph Bonneau and Soren Preibusch, collected data from 150 sites. They found:
The large majority -- 78 percent -- of sites examined failed to provide users with feedback or advice on choosing a strong password. Only five sites let the user register password hints, a strategy that will encourage users to come up with stronger passwords. Just seven sites required users to mix numbers and letters, and only two demanded that passwords include non-alphanumeric characters as well.
Nearly all the sites allowed the user unlimited numbers of guesses if the user forgot the password.
Password security is an area where enterprise and end user can work together. Enterprise can encourage users to create stronger, unique passwords on their sign-in sites, and perhaps users will begin to take up better password practices.