Drug testing

Passwords and the Human Factor

Passwords have a strange dual nature. The stronger and safer the password the more likely it will be undermined by human weakness.

It is widely known that passwords are the most common means of access control. It is also common knowledge that passwords are the easiest way to compromise a system. Passwords have two basic functions. First, they allow initial entry to a system. Next, after access, they grant permission to various levels of information. This access can range from public data to restricted trade secrets and pending patents.

The best passwords are a lengthy and complex mix of upper and lower case letters, numbers and symbols. The tendency for people when using these formats is to write them down, store them on a hand held device, etc. thus destroying the integrity of the password.

The integrity of passwords can be circumvented through "Human Engineering." People can unwittingly make grave errors of judgment in situations that they may view as harmless or even helpful. For example, a password is shared with a forgetful employee and a system can be compromised. In more ominous cases, a con artist or hacker can phone a na?ve employee and present themselves as senior executives or help desk personnel and obtain that persons password. People have also been duped by callers claiming emergencies, cajoling or even threatening the employees job if a password is not provided.

These human lapses can be addressed through employee training and written policies that provide solid guidance and procedures in these circumstances. Training in information security, including password protocols, should be mandatory for every employee of the enterprise. Management support of this training and the security policy is critical to its success. To be effective, training should be repetitive with quarterly reviews of the company policy. There can also be frequent reminders, such as banners, about password security that appear during logons.

Management must not only support security measures, they must also provide a written and enforced policy statement. These written policies should be developed with assistance from the I.T. department as well as the human resource and legal departments. Written policies should be a part of the employee's introduction to the company and should be reviewed at least twice a year. It is also critical that the employee sign off on the document indicating that they received, read, and understood its contents. Firms that ignore these practices do so at their own risk.

Enforcement is an important partner to training. A policy that is not enforced is far worse than no policy at all. In fact, haphazard enforcement or lack of enforcement can increase a company's liability in many legal actions. To work, a policy must have "teeth". There should be a range of consequences for lapses whether it is a single event or multiple or flagrant incidents. This can range from a verbal warning all the way to termination.

In summary, passwords can be kept more secure by recognizing the human factor. Through management initiative, communication and training, as well as written and enforced policies and procedures, companies can have more control over their information assets and keep their clients and partners much safer.

About The Author

Terrence F. Doheny

President, Beyond If Solutions,LLC

www.beyondifsolutions.com

terry@beyondifsolutions.com

In The News:

More than 1,000 birds died at a lake in Southern California earlier this month, state wildlife officials announced Tuesday.
Newly declassified documents from the Pentagon reveal the Department of Defense funded projects that investigated UFOs, wormholes, alternate dimensions and a host of other subjects that are often the topics of conspiracy theorists.
CAIRO (AP) — Egypt says archaeologists have uncovered ancient tombs dating back to the Second Intermediate Period, 1782-1570 B.C., in the Nile Delta.
After a decade, the restoration of the tomb of King Tutankhamun in Egypt has finally been restored, a project described as a "must-see" attraction.
Archaeologists have discovered a rare death mask on a beach in Florida, a sign that more treasures may be nearby.
Over the past two weeks, numerous media reports have claimed that a team led by archaeologist Zahi Hawass is on the verge of discovering the tomb of Mark Antony and Cleopatra VII at a site in Egypt called "Taposiris Magna."
Archaeologists in Scotland have revealed that a stone circle thought to be thousands of years old is actually a modern replica.
High levels of cocaine are causing some eels in London's famous River Thames to be "hyperactive," new research by King's College London shows.
The tiny, immortal hydra is a freshwater animal that can regenerate an entirely new animal from just the tiniest sliver of its body.
A man was getting ready to do his "business" on Saturday morning when he was startled by a large carpet python peaking its head out of the toilet.

Get Ahead When You Build Your Own Computer

If you've been kicking around the idea of building your... Read More

System File Checker - A Maintenance Utility

System File Checker is a great utility that is typically... Read More

Simple Overview Of Computer

Computer is an electronic machine work on the instructions of... Read More

Looking For an MP3 Player?

If you don't have an mp3 player, and even if... Read More

5 Minute Guide to Video Editing for Beginners

Getting started with video editing is very simple you only... Read More

Reliable File and Folder Sharing in Windows Xp

This tip is on sharing files and folders on a... Read More

CCNA 640-801 Certification Primer

The Cisco Certified Network Associate (CCNA) Certification is meant for... Read More

How to Set Up Simple File Sharing WinXP

The first step is: Start > My DocumentsSo you have... Read More

Is Online DVD Rental or Pay-Per-View the Best Way to Get Your Movies?

With renting methods such as online DVD rental and pay-per-view,... Read More

Your Affiliate Business - Peripherals, Software, Computers

I have always been interested in computers, but in the... Read More

The Newbies Guide to Personal Computer Maintenance

When you turn on your computer, does it act like... Read More

Email Management

If you utilize a computer at home or work it... Read More

Use Your Computer For Your Entertainment Needs

By using your computer today you can find a lot... Read More

Digital Cameras: How Many Pixels Do I Need?

With the bewildering number of digital cameras on the market,... Read More

What Exactly are Screensavers? - part I

After reading this good article you will know some important... Read More

Flash Memory, Part I: MMC and SD

MMC and SDFlash memory is available in so many formats... Read More

FTP - File Transfer Protocol Explained

File Transfer Protocol (FTP) is a protocol that is part... Read More

This Page Cannot Be Displayed ? What to Do When Your Internet Breaks

The DNS (Domain Name System) servers are what your computer... Read More

MobiTV and Visual Stimulation Imput for Personal Cognitive Performance

Stimulus thru Caffiene or Visual Input?It appears that the Mobi... Read More

Compare MP3 Players for the Coolest Features and Sweetest Deals

How can you compare mp3 players to be sure you're... Read More

iPod users get the picture

iPod users start to get the picture and it's turning... Read More

How to Protect your PC from Spyware in the Cyber Age

Wouldn't you be shocked to find that your personal sensitive... Read More

Nephrology and Dialysis For a PDA

Saving Lives With A Pocket PCFree medical downloads can be... Read More

2 PC Annoyances and How To Solve Them!

I have a love-hate relationship with my computer.In fact, often... Read More

MCSE 70-290 Certification Primer

Microsoft Certifications are one of the most widely acclaimed, pursued,... Read More

retrofit led street lights street lights kayne Pete's produce ..