Monday, August 8, 2011

What’s in a Password?

Find out how a recent study uncovered alarming news about the security risks in employee passwords

Would you believe it if I told you that fewer than 1% of the passwords in use today are truly random? Well, the unfortunate reality is that it’s true. A recent report* shows that less than 1% of passwords used today are random in nature. In fact, the report breaks down how people derive their passwords; for example:
• 14% of passwords are derived from a person’s name (JohnSmith)
• 8% of passwords are derived from a place name – most likely the place where the person lives or was born (SeattleWA)
• 14% of passwords are purely numeric and in some cases are consecutive numbers (12345)
• 25% of passwords are plain dictionary words (computer)
• Another 8% or so are made up of keyboard patterns, short phrases, words taken from the email address, and repeated words (asdf, myblackcat, @apple, redred – respectively)
• The remaining 31% could not be classified during the study
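To make the study's categories concrete, here is an added Python example (not from the post or the cited report) that sorts a constructed sample of passwords into those same buckets and reports the share in each, the way an administrator might audit passwords submitted against a policy. The name, place and dictionary wordlists are constructed stand-ins for the study's data, and the category boundaries are my own assumptions.

```python
import re
from collections import Counter
# Constructed wordlists standing in for the study's name, place and dictionary data.
NAMES = {"john", "johnsmith", "mary", "jones"}
PLACES = {"seattle", "seattlewa", "london", "paris"}
WORDS = {"my", "black", "cat", "computer", "apple", "red", "password"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

def is_consecutive(digits):
    """True for runs such as 12345 or 98765 (every digit one step from the last)."""
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return len(digits) >= 3 and steps in ({1}, {-1})

def is_phrase(text):
    """True if text splits entirely into known words, e.g. myblackcat -> my black cat."""
    if not text:
        return True
    return any(text[:i] in WORDS and is_phrase(text[i:]) for i in range(1, len(text) + 1))

def classify(password):
    """Map a password to one of the categories the study reports, else 'unclassified'."""
    p = password.lower()
    if p.isdigit():
        return "consecutive-numeric" if is_consecutive(p) else "numeric"
    if "@" in p:                                  # fragment lifted from an email address
        return "email-fragment"
    if len(p) >= 4 and any(p in row or p in row[::-1] for row in KEYBOARD_ROWS):
        return "keyboard-pattern"
    half = len(p) // 2
    if len(p) >= 4 and p[:half] == p[half:] and p[:half] in WORDS:
        return "repeated-word"
    core = re.sub(r"[^a-z]", "", p)               # ignore digits and symbols around the word
    if core in NAMES:
        return "name"
    if core in PLACES:
        return "place"
    if core in WORDS:
        return "dictionary-word"
    if core and is_phrase(core):
        return "phrase"
    return "unclassified"

def distribution(passwords):
    """Percentage of the sample falling in each category, like the study's breakdown."""
    counts = Counter(classify(p) for p in passwords)
    return {cat: round(100 * n / len(passwords), 1) for cat, n in counts.items()}

# Constructed sample: the post's own examples plus one password with no obvious pattern.
SAMPLE = ["JohnSmith", "SeattleWA", "12345", "computer", "asdf",
          "myblackcat", "@apple", "redred", "Xk9#vQ2!"]
```

Calling `distribution(SAMPLE)` puts each of the nine passwords in a different bucket, so every category shows about 11.1%.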

This information is alarming to network and security administrators in any field. While most system administrators set password complexity rules, not all do; and those that do may still find that employees use passwords that are easy to guess. So to help prevent network breaches, organizations should consider adding identity management solutions to protect themselves. There are several easy solutions an organization can implement to help reduce the risk of a password-related breach.

One I’d like to focus on a little is implementing a solution that requires two-factor authentication. This practice secures the primary login using a pass-card or biometrics. Instead of entering a username and password, users log in by presenting a pass-card or biometric to a reader and entering a PIN code. Combining a pass-card/biometric with a PIN code provides strong authentication, because this two-factor authentication is based on something users have (the pass-card/biometric) and something they know (the PIN code).


Tools4ever’s Enterprise Single Sign On Manager (E-SSOM) offers full integration with all common two-factor authentication readers, such as HID, Mifare, biometric, Gridtoken, proximity-based devices and RFID readers. E-SSOM offers native integration with the driver software of the (card) reader and links the pass-card ID to the user credentials (username/password) in Active Directory. No additional software is required to create this link. This feature guarantees a user-friendly and secure login for all users.

Stay tuned for my next blog where I explain how implementing a self-service password reset option can also help ensure your employees are using secure and complex passwords.

*Source: The science of password selection by Troy Hunt
