{"id":181,"date":"2011-08-13T15:10:57","date_gmt":"2011-08-13T15:10:57","guid":{"rendered":"http:\/\/www.halkynconsulting.co.uk\/a\/?p=181"},"modified":"2011-08-13T15:10:57","modified_gmt":"2011-08-13T15:10:57","slug":"passwords-and-it-security","status":"publish","type":"post","link":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/","title":{"rendered":"Passwords and IT Security"},"content":{"rendered":"<p>Passwords are frequently thought of as an &#8220;outdated&#8221; method of security and numerous product vendors will tell you how they offer a much better solution that kind of works like magic.<\/p>\n<p>This is rarely the case and for 99% of applications, properly used passwords provide you with a perfectly suitable method of authenticating a user onto your systems. This is discussed in greater detail in our latest whitepaper on Password Security, which is <a title=\"Password Security - Halkyn Consulting White Paper on Information Security\" href=\"http:\/\/www.halkynconsulting.co.uk\/security-resources\/downloads\/PasswordSecurity-HalkynConsultingWhitePaper.pdf\" target=\"_blank\">now available for free download<\/a>.<\/p>\n<p>It is a mistake to try and establish generic criteria for passwords &#8211; such as they &#8220;must&#8221; be a certain length and contain certain characters &#8211; as this is something that can only ever be done <strong>after<\/strong> you have properly assessed the threats to your system. Anything else means you are failing to establish cost-effective security measures.<\/p>\n<p>Make sure that when you are creating (or updating) your password policies and standards, you don&#8217;t fall into the trap of trying to use passwords to defend against every possible attack. It is very, very unlikely that global hackers based a world away will try to get into your office and look at the desks of your staff, so if that is your threat then encourage very long &amp; complex passwords and let your staff write them down. 
However, if you are worried about threat actors getting access to your premises, writing down passwords is a problem, but if you have remote log-on disabled and account lock-out after a set number of failed attempts, then you can let your staff use easy-to-remember passwords.<\/p>\n<p>The last point to keep in mind is the fact that you must never make the mistake of thinking passwords act as a security control on their own. If your system is vulnerable to SQL injections, MITM attacks (etc), then the best passwords &#8211; or even the best multi-factor authentication methods &#8211; in the world won&#8217;t help you.<\/p>\n<p>You can find more security resources for free download on the <a title=\"Halkyn Consulting Security Resource Centre\" href=\"http:\/\/www.halkynconsulting.co.uk\/security-resources\/index\" target=\"_blank\">Halkyn Consulting security resources centre<\/a>. If you would like advice on a particular topic, or want to find out more on how we can help you protect your home and business then <a title=\"Contact Halkyn Security Consultants\" href=\"http:\/\/www.halkynconsulting.co.uk\/contact\/contact-security-team\" target=\"_blank\">get in touch with our specialist security consultants<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Passwords are frequently thought of as an &#8220;outdated&#8221; method of security and numerous product vendors will tell you how they offer a much better solution that kind of works like magic. 
This is rarely the case and for 99% of applications, properly used passwords provide you with a perfectly suitable method of authenticating a user [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[29,5,22],"tags":[142,6,13,140],"class_list":["post-181","post","type-post","status-publish","format-standard","hentry","category-downloads","category-security","category-security-education-and-awareness","tag-downloads","tag-infosec","tag-internet","tag-security","entry"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Passwords and IT Security - Halkyn Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Passwords and IT Security - Halkyn Security Blog\" \/>\n<meta property=\"og:description\" content=\"Passwords are frequently thought of as an &#8220;outdated&#8221; method of security and numerous product vendors will tell you how they offer a much better solution that kind of works like magic. 
This is rarely the case and for 99% of applications, properly used passwords provide you with a perfectly suitable method of authenticating a user [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Halkyn Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2011-08-13T15:10:57+00:00\" \/>\n<meta name=\"author\" content=\"Halkyn Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:site\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Halkyn Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/\"},\"author\":{\"name\":\"Halkyn Security\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2\"},\"headline\":\"Passwords and IT Security\",\"datePublished\":\"2011-08-13T15:10:57+00:00\",\"dateModified\":\"2011-08-13T15:10:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/\"},\"wordCount\":373,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"keywords\":[\"Downloads\",\"Information Security\",\"Internet\",\"Security\"],\"articleSection\":[\"Downloads\",\"Security\",\"Security Education and 
Awareness\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/\",\"name\":\"Passwords and IT Security - Halkyn Security Blog\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\"},\"datePublished\":\"2011-08-13T15:10:57+00:00\",\"dateModified\":\"2011-08-13T15:10:57+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Halkyn Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Downloads\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/category\/downloads\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Passwords and IT Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"name\":\"Halkyn Security Blog\",\"description\":\"Specialist Security &amp; Risk Management Consultants\",\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\",\"name\":\"Halkyn Consulting\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"width\":\"990\",\"height\":\"170\",\"caption\":\"Halkyn Consulting\"},\"image\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/2329571\",\"https:\/\/twitter.com\/HalkynSecurity\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2\",\"name\":\"Halkyn Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g\",\"caption\":\"Halkyn Security\"},\"description\":\"Halkyn Security Consultants.\",\"sameAs\":[\"http:\/\/www.halkynconsulting.co.uk\/\"],\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/author\/halkyn-consulting\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Passwords and IT Security - Halkyn Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/","og_locale":"en_GB","og_type":"article","og_title":"Passwords and IT Security - Halkyn Security Blog","og_description":"Passwords are frequently thought of as an &#8220;outdated&#8221; method of security and numerous product vendors will tell you how they offer a much better solution that kind of works like magic. This is rarely the case and for 99% of applications, properly used passwords provide you with a perfectly suitable method of authenticating a user [&hellip;]","og_url":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/","og_site_name":"Halkyn Security Blog","article_published_time":"2011-08-13T15:10:57+00:00","author":"Halkyn Security","twitter_card":"summary_large_image","twitter_creator":"@HalkynSecurity","twitter_site":"@HalkynSecurity","twitter_misc":{"Written by":"Halkyn Security","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/#article","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/"},"author":{"name":"Halkyn Security","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2"},"headline":"Passwords and IT Security","datePublished":"2011-08-13T15:10:57+00:00","dateModified":"2011-08-13T15:10:57+00:00","mainEntityOfPage":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/"},"wordCount":373,"commentCount":0,"publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"keywords":["Downloads","Information 
Security","Internet","Security"],"articleSection":["Downloads","Security","Security Education and Awareness"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/","url":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/","name":"Passwords and IT Security - Halkyn Security Blog","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website"},"datePublished":"2011-08-13T15:10:57+00:00","dateModified":"2011-08-13T15:10:57+00:00","breadcrumb":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/passwords-and-it-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Halkyn Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/"},{"@type":"ListItem","position":2,"name":"Downloads","item":"http:\/\/www.halkynconsulting.co.uk\/a\/category\/downloads\/"},{"@type":"ListItem","position":3,"name":"Passwords and IT Security"}]},{"@type":"WebSite","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","name":"Halkyn Security Blog","description":"Specialist Security &amp; Risk Management Consultants","publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization","name":"Halkyn Consulting","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","width":"990","height":"170","caption":"Halkyn Consulting"},"image":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/2329571","https:\/\/twitter.com\/HalkynSecurity"]},{"@type":"Person","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2","name":"Halkyn Security","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g","caption":"Halkyn Security"},"description":"Halkyn Security 
Consultants.","sameAs":["http:\/\/www.halkynconsulting.co.uk\/"],"url":"http:\/\/www.halkynconsulting.co.uk\/a\/author\/halkyn-consulting\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9yHvD-2V","jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/comments?post=181"}],"version-history":[{"count":1,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/181\/revisions"}],"predecessor-version":[{"id":182,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/181\/revisions\/182"}],"wp:attachment":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media?parent=181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/categories?post=181"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/tags?post=181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}