Passwords and IT Security

Passwords are frequently thought of as an “outdated” method of security and numerous product vendors will tell you how they offer a much better solution that kind of works like magic.

This is rarely the case: for 99% of applications, properly used passwords provide a perfectly suitable method of authenticating a user to your systems. This is discussed in greater detail in our latest whitepaper on Password Security, which is now available for free download.

It is a mistake to try to establish generic criteria for passwords – such as that they “must” be a certain length and contain certain characters – as this is something that can only be done after you have properly assessed the threats to your system. Anything else means you are failing to establish cost-effective security measures.

Make sure that when you are creating (or updating) your password policies and standards, you don't fall into the trap of trying to use passwords to defend against every possible attack. It is very, very unlikely that hackers based a world away will try to get into your office and look at the desks of your staff, so if remote attackers are your threat, then encourage very long & complex passwords and let your staff write them down. However, if you are worried about threat actors getting access to your premises, writing down passwords is a problem; but if you have remote log-on disabled and account lockout after a set number of failed attempts, then you can let your staff use easy-to-remember passwords.
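The trade-off described above can be made concrete by working out how much guessing resistance a password actually needs under each threat. The following is an added example, not code from the article or from Halkyn Consulting; the guess rates, lockout settings and the one-year attack window are constructed assumptions, and the entropy figures assume randomly chosen passwords (human-chosen ones carry far less).

```python
import math

SECONDS_PER_DAY = 86_400


def online_guess_rate(lockout_threshold, lockout_seconds, unthrottled_rate=100.0):
    """Sustained guesses per second an online attacker can make against ONE
    account. With no lockout the only limit is how fast the login endpoint
    answers (unthrottled_rate, an assumed figure). With lockout, at most
    lockout_threshold guesses fit into each lockout window."""
    if lockout_threshold is None:
        return unthrottled_rate
    return lockout_threshold / lockout_seconds


def required_bits(guess_rate, attack_days, success_probability=0.5):
    """Minimum password entropy (bits) so that an attacker guessing at
    guess_rate for attack_days has at most success_probability chance of
    success. Each guess covers one of 2**bits equally likely candidates,
    so success_probability = guesses / 2**bits."""
    guesses = guess_rate * attack_days * SECONDS_PER_DAY
    return math.ceil(math.log2(guesses / success_probability))


def min_length(bits, alphabet_size):
    """Shortest random password over an alphabet of alphabet_size symbols
    that reaches `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def policy_for_threats(attack_days=365):
    """Compare three constructed threat models (assumptions, not the article's
    figures) and return the entropy and random-password length each needs."""
    scenarios = {
        # Remote guessing against a login that locks after 5 failures for 15 min.
        "online, lockout 5 tries / 15 min": (online_guess_rate(5, 15 * 60), 10),
        # Remote guessing with no lockout at all (assumed 100 attempts/s).
        "online, no lockout": (online_guess_rate(None, 0), 62),
        # Offline cracking of a leaked fast hash (assumed 1e10 guesses/s).
        "offline, leaked hash": (1e10, 62),
    }
    result = {}
    for name, (rate, alphabet) in scenarios.items():
        bits = required_bits(rate, attack_days)
        result[name] = {"bits": bits, "length": min_length(bits, alphabet)}
    return result


if __name__ == "__main__":
    for name, need in policy_for_threats().items():
        print(f"{name:36s} {need['bits']:3d} bits  ->  {need['length']} random chars")
```

With lockout in place the online attacker gets roughly 175,000 guesses a year, so a 6-digit PIN already reaches the 19 bits needed; the offline model needs about 60 bits, which no memorable password reaches, and that is the case where hashing, not password policy, is the control to fix.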

The last point to keep in mind is that passwords never act as a security control on their own. If your system is vulnerable to SQL injection, MITM attacks and the like, then the best passwords – or even the best multi-factor authentication methods – in the world won't help you.
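To illustrate why a strong password is no help when the login code itself is flawed, here is an added example (not code from the article or from Halkyn Consulting) of a login lookup written two ways against a constructed in-memory SQLite table. The unsafe form splices the username into the SQL text, so the submitted username decides what the query is; the safe form passes it as a bound parameter and compares hashes in constant time. The table, user names and iteration count are assumptions for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3


def make_db():
    """Constructed in-memory user store: one salted PBKDF2 hash per user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return conn


def hash_password(password, salt):
    # Slow, salted hash so a leaked table is costly to crack offline.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def add_user(conn, username, password):
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 (username, salt, hash_password(password, salt)))


def _check(row, password):
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison so the check leaks no timing information.
    return hmac.compare_digest(stored, hash_password(password, salt))


def authenticate_unsafe(conn, username, password):
    # DEFECT shown on purpose: the username becomes part of the SQL text,
    # so whoever types it controls the query, whatever the password is.
    sql = f"SELECT salt, pw_hash FROM users WHERE username = '{username}'"
    return _check(conn.execute(sql).fetchone(), password)


def authenticate_safe(conn, username, password):
    # Bound parameter: the username is only ever a value, never SQL.
    sql = "SELECT salt, pw_hash FROM users WHERE username = ?"
    return _check(conn.execute(sql, (username,)).fetchone(), password)


def input_reaches_parser(conn, username, password):
    """True if the unsafe lookup lets the username change the SQL: a
    perfectly ordinary name containing an apostrophe breaks the statement."""
    try:
        authenticate_unsafe(conn, username, password)
        return False
    except sqlite3.Error:
        return True


if __name__ == "__main__":
    db = make_db()
    add_user(db, "o'brien", "correct horse battery staple")
    print("safe, right password :", authenticate_safe(db, "o'brien", "correct horse battery staple"))
    print("safe, wrong password :", authenticate_safe(db, "o'brien", "guess"))
    print("unsafe query altered :", input_reaches_parser(db, "o'brien", "guess"))
```

The apostrophe in a legitimate name is enough to show the problem: in the unsafe version the database sees a different statement from the one the developer wrote, which is exactly the condition an injection attack relies on, and neither the password's strength nor the hashing changes that.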

You can find more security resources for free download on the Halkyn Consulting security resources centre.

