Passwords and the Human Factor

Passwords have a strange dual nature. The stronger and safer the password, the more likely it is to be undermined by human weakness.

It is widely known that passwords are the most common means of access control. It is also common knowledge that passwords are the easiest way to compromise a system. Passwords have two basic functions. First, they allow initial entry to a system. Next, after access, they grant permission to various levels of information. This access can range from public data to restricted trade secrets and pending patents.

The best passwords are a lengthy and complex mix of upper- and lowercase letters, numbers and symbols. People who use such passwords tend to write them down, store them on a handheld device, and so on, thus destroying the integrity of the password.

The integrity of passwords can be circumvented through "Human Engineering." People can unwittingly make grave errors of judgment in situations that they may view as harmless or even helpful. For example, a password is shared with a forgetful employee, and a system can be compromised. In more ominous cases, a con artist or hacker can phone a naïve employee, pose as a senior executive or help desk staff member, and obtain that person's password. People have also been duped by callers claiming emergencies, cajoling, or even threatening the employee's job if a password is not provided.

These human lapses can be addressed through employee training and written policies that provide solid guidance and procedures in these circumstances. Training in information security, including password protocols, should be mandatory for every employee of the enterprise. Management support of this training and the security policy is critical to its success. To be effective, training should be repetitive with quarterly reviews of the company policy. There can also be frequent reminders, such as banners, about password security that appear during logons.

Management must not only support security measures but also provide a written and enforced policy statement. These written policies should be developed with assistance from the I.T. department as well as the human resources and legal departments. Written policies should be a part of the employee's introduction to the company and should be reviewed at least twice a year. It is also critical that the employee sign off on the document, indicating that they received, read, and understood its contents. Firms that ignore these practices do so at their own risk.

Enforcement is an important partner to training. A policy that is not enforced is far worse than no policy at all. In fact, haphazard enforcement or lack of enforcement can increase a company's liability in many legal actions. To work, a policy must have "teeth." There should be a range of consequences for lapses, whether a single event or multiple or flagrant incidents. These can range from a verbal warning all the way to termination.

In summary, passwords can be kept more secure by recognizing the human factor. Through management initiative, communication and training, as well as written and enforced policies and procedures, companies can have more control over their information assets and keep their clients and partners much safer.

About The Author

Terrence F. Doheny

President, Beyond If Solutions, LLC

www.beyondifsolutions.com
