Passwords and the Human Factor

Home
>
Personal Technology
>
Passwords and the Human Factor

Passwords and the Human Factor

Passwords have a strange dual nature. The stronger and safer the password the more likely it will be undermined by human weakness.

It is widely known that passwords are the most common means of access control. It is also common knowledge that passwords are the easiest way to compromise a system. Passwords have two basic functions. First, they allow initial entry to a system. Next, after access, they grant permission to various levels of information. This access can range from public data to restricted trade secrets and pending patents.

The best passwords are a lengthy and complex mix of upper and lower case letters, numbers and symbols. The tendency for people when using these formats is to write them down, store them on a hand held device, etc. thus destroying the integrity of the password.

The integrity of passwords can be circumvented through "Human Engineering." People can unwittingly make grave errors of judgment in situations that they may view as harmless or even helpful. For example, a password is shared with a forgetful employee and a system can be compromised. In more ominous cases, a con artist or hacker can phone a naïve employee and present themselves as senior executives or help desk personnel and obtain that persons password. People have also been duped by callers claiming emergencies, cajoling or even threatening the employees job if a password is not provided.

These human lapses can be addressed through employee training and written policies that provide solid guidance and procedures in these circumstances. Training in information security, including password protocols, should be mandatory for every employee of the enterprise. Management support of this training and the security policy is critical to its success. To be effective, training should be repetitive with quarterly reviews of the company policy. There can also be frequent reminders, such as banners, about password security that appear during logons.

Management must not only support security measures, they must also provide a written and enforced policy statement. These written policies should be developed with assistance from the I.T. department as well as the human resource and legal departments. Written policies should be a part of the employee's introduction to the company and should be reviewed at least twice a year. It is also critical that the employee sign off on the document indicating that they received, read, and understood its contents. Firms that ignore these practices do so at their own risk.

Enforcement is an important partner to training. A policy that is not enforced is far worse than no policy at all. In fact, haphazard enforcement or lack of enforcement can increase a company's liability in many legal actions. To work, a policy must have "teeth". There should be a range of consequences for lapses whether it is a single event or multiple or flagrant incidents. This can range from a verbal warning all the way to termination.

In summary, passwords can be kept more secure by recognizing the human factor. Through management initiative, communication and training, as well as written and enforced policies and procedures, companies can have more control over their information assets and keep their clients and partners much safer.

About The Author

Terrence F. Doheny

President, Beyond If Solutions,LLC

www.beyondifsolutions.com

terry@beyondifsolutions.com

In The News:

Yahoo! News: Top Stories

Obama announces Clinton, Gates for Cabinet (AP)

AP - President-elect Barack Obama named former campaign rival Hillary Rodham Clinton as his secretary of state on Monday, and announced Robert Gates would remain as defense secretary, making President Bush's Pentagon chief his own in the drive to wind down the U.S. role in Iraq.

Obama still looks for Iraq pullout in 16 months (AP)

AP - Barack Obama says the U.S.-Iraq security agreement approved by Iraq's parliament puts the U.S. on a "glide path" toward reducing forces there.

Pelosi hopes for stimulus bill by Inauguration Day (AP)

AP - House Speaker Nancy Pelosi is promising Congress will try to have a huge economic recovery bill ready for President-elect Barack Obama as soon as he takes office.

Holiday shopping season off to a modest start (AP)

AP - The Thanksgiving shopping weekend may not have been the disaster some had feared, but unprecedented discounts and tempered buying likely resulted in overall soft sales as a buying binge on Friday quickly fizzled. Now, online retailers are ramping up deals to turn skittish shoppers into "Cyber Monday" spenders.

India clears bodies from last Mumbai siege site (AP)

AP - Soldiers removed the last bodies from the shattered Taj Mahal hotel Monday as India formally demanded Pakistan take "strong action" against those behind the 60-hour siege that left at least 172 people dead.

Palin campaigns in Ga.'s US Senate runoff (AP)

AP - Alaska Gov. Sarah Palin implored Georgia Republicans to back Sen. Saxby Chambliss in his hotly contested Senate runoff, telling a cheering crowd Monday that the first step in rebuilding the GOP begins with the Southern state.

Manufacturing index drops to 26-year low (AP)

AP - A measure of U.S. manufacturing activity fell to a 26-year low in November as new orders dropped for the twelfth consecutive month, a trade group said Monday.

Sending spam in Israel could mean a big fine (AP)

AP - Israel has gotten fed up with spam. Anyone who sends out messages without receiving the recipient's consent can now be slapped with a big fine.

'Four Christmases' finds $31.7M in holiday cheer (AP)

AP - Thanksgiving weekend movie crowds gobbled up the Reese Witherspoon and Vince Vaughn holiday comedy "Four Christmases," which debuted at No. 1 with $31.7 million, according to studio estimates Sunday.

Giants WR Burress turns himself in to police (AP)

AP - Plaxico Burress arrived at a police station early Monday, where he was expected to be charged after accidentally shooting himself in the right thigh at a Manhattan nightclub.

Obama names Clinton, national security team (Reuters)

Reuters - U.S. President-elect Barack Obama on Monday announced his national security team, nominating former rival Hillary Clinton as secretary of state and asking Defense Secretary Robert Gates to stay on in that role.

India demands swift Pakistan action over Mumbai (Reuters)

Reuters - India said on Monday it had called Pakistan's envoy and informed him that deadly attacks in Mumbai were carried out by militants from Pakistan and demanded swift action against those responsible.

Thai protesters consolidate hold on airport (Reuters)

Reuters - Thai protesters prepared to end their three-month occupation of the Prime Minister's office on Monday to consolidate their grip on the main airport ahead of a court verdict that could dissolve the elected government.

Europe mulls spending hikes as world factories slow (Reuters)

Reuters - European leaders clashed on Monday over how much public money to spend on battling recession as data showed factories were slashing output in the United States, Europe and China.

Pelosi seeks fast action on stimulus bill (Reuters)

Reuters - House of Representatives Speaker Nancy Pelosi met leading governors on Monday to discuss the size and shape of an economic stimulus package she hopes Barack Obama can sign when he becomes president on January 20.

Alabama mayor arrested on illegal payments charges (Reuters)

Reuters - Federal authorities arrested the mayor of Birmingham, Alabama, on Monday as part of a corruption probe surrounding the city's sewer bonds.

Retail stocks fall on holiday shopping worries (Reuters)

Reuters - Key retail stocks fell on Monday as investors feared that deep discounts offered by U.S. stores during the year's first holiday shopping weekend could sap profits and would not save a bleak season.

Eight killed in suicide blast in Pakistan (Reuters)

Reuters - A suicide car-bomber killed eight people on Monday in an attack aimed at a military checkpost in northwest Pakistan's Swat Valley, military officials said.

Obama formally names Clinton secretary of state (AFP)

AFP - Barack Obama on Monday nominated his erstwhile political foe Hillary Clinton as his secretary of state, as he rolled out a muscular national security team rich in global political star power.

Mumbai attacks: India demands Pakistan take 'strong action' (AFP)

AFP - India on Monday formally accused "elements" in Pakistan of being behind the devastating Islamic militant attacks in Mumbai and demanded that Islamabad take "strong action".

Passwords and the Human Factor

Personal Technology Personal Technology