Passwords aren’t dead, though yours could be
By Taylor Armerding, CSO | Jan 11, 2012
It's 2012. The password is dead. Long live the password.
Perhaps the division in the IT world is not quite that stark, but there is indeed division. Some think it is past time to retire passwords, for what they say is the obvious reason: They don't protect users, since they are so easily hacked. All the talk about making passwords more secure is ignoring the elephant in the room; they simply cannot be made secure. Besides, there are other, better, authentication options, like biometrics, since nobody has your fingerprints, eyes and DNA.
But others say not so fast: biometrics are not duplicate-proof, and passwords would still be fairly effective if users didn't make them so easy to hack and if password authentication systems were improved.
Christopher Frenz, CTO at See-Thru and a faculty member at Mercy College, both in New York, says the problem exists "not because of passwords being obsolete, but because of the prevalence of bad passwords and bad password practices."
He points to the 2009 SQL injection attack on the social media site RockYou that compromised 32 million user account passwords. "The only password security requirement was a password of at least five characters," he says, "(which) resulted in people choosing passwords such as 12345, Password, rockyou, and abc123," plus common dictionary words.
Besides that, the passwords were stored in plain text format, along with users' email addresses.
Frenz says some websites (Hotmail recently among them) now require more complex passwords with multiple character types.
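As an added illustration that is not part of the article, the following Python sketch shows the two defenses the RockYou case argues for: a policy check that rejects short, single-character-type and well-known passwords such as the ones quoted above, and salted, slow-hashed storage instead of plain text. The denylist, the minimum length, the character-class count and the iteration count are all assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Constructed denylist: the RockYou examples quoted in the article plus a few
# dictionary words. A real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"12345", "password", "rockyou", "abc123", "iloveyou", "princess"}

# Assumed policy parameters (stricter than RockYou's five-character minimum).
MIN_LENGTH = 8
MIN_CHARACTER_CLASSES = 3
PBKDF2_ITERATIONS = 600_000  # slow on purpose: raises the cost of offline guessing


def check_policy(password: str) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Count how many of the four character classes (lower, upper, digit, symbol) appear.
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    if classes < MIN_CHARACTER_CLASSES:
        problems.append(f"uses {classes} character types, need {MIN_CHARACTER_CLASSES}")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password denylist")
    return problems


def store_password(password: str) -> dict:
    """Produce the record to persist: a random per-user salt and a PBKDF2 digest, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])
```

Had RockYou stored records like the one `store_password` returns, the SQL injection would have yielded salts and digests rather than 32 million reusable passwords.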