Home
>
Personal Technology
>
Passwords and the Human Factor

Passwords and the Human Factor

Passwords have a strange dual nature. The stronger and safer the password the more likely it will be undermined by human weakness.

It is widely known that passwords are the most common means of access control. It is also common knowledge that passwords are the easiest way to compromise a system. Passwords have two basic functions. First, they allow initial entry to a system. Next, after access, they grant permission to various levels of information. This access can range from public data to restricted trade secrets and pending patents.

The best passwords are a lengthy and complex mix of upper and lower case letters, numbers and symbols. The tendency for people when using these formats is to write them down, store them on a hand held device, etc. thus destroying the integrity of the password.

The integrity of passwords can be circumvented through "Human Engineering." People can unwittingly make grave errors of judgment in situations that they may view as harmless or even helpful. For example, a password is shared with a forgetful employee and a system can be compromised. In more ominous cases, a con artist or hacker can phone a na?ve employee and present themselves as senior executives or help desk personnel and obtain that persons password. People have also been duped by callers claiming emergencies, cajoling or even threatening the employees job if a password is not provided.

These human lapses can be addressed through employee training and written policies that provide solid guidance and procedures in these circumstances. Training in information security, including password protocols, should be mandatory for every employee of the enterprise. Management support of this training and the security policy is critical to its success. To be effective, training should be repetitive with quarterly reviews of the company policy. There can also be frequent reminders, such as banners, about password security that appear during logons.

Management must not only support security measures, they must also provide a written and enforced policy statement. These written policies should be developed with assistance from the I.T. department as well as the human resource and legal departments. Written policies should be a part of the employee's introduction to the company and should be reviewed at least twice a year. It is also critical that the employee sign off on the document indicating that they received, read, and understood its contents. Firms that ignore these practices do so at their own risk.

Enforcement is an important partner to training. A policy that is not enforced is far worse than no policy at all. In fact, haphazard enforcement or lack of enforcement can increase a company's liability in many legal actions. To work, a policy must have "teeth". There should be a range of consequences for lapses whether it is a single event or multiple or flagrant incidents. This can range from a verbal warning all the way to termination.

In summary, passwords can be kept more secure by recognizing the human factor. Through management initiative, communication and training, as well as written and enforced policies and procedures, companies can have more control over their information assets and keep their clients and partners much safer.

About The Author

Terrence F. Doheny

President, Beyond If Solutions,LLC

www.beyondifsolutions.com

shuttle from Midway Glen Ellyn ..

In The News:

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

Emails instructing you to reset your password for an account may be legitimate, or they may be scams. Kurt "CyberGuy" Knutsson explains.

Northrop Grumman's Manta Ray uncrewed underwater vehicle aims to revolutionize undersea missions — it glides through the ocean without human assistance.

Learn how to work Google's calendar application to streamline and organize your daily tasks from technology expert Kim Komando.

If you do not want Facebook to have automatic access to your private photos, follow our tips to protect yourself. Kurt “CyberGuy" Knutsson shows you how.

Kurt “CyberGuy" Knutsson goes into detail about Apple’s recent iOS update that allows iPhone users to instantly translate spoken language simply by using the Action Button.

Safeguarding your digital life with a reliable physical backup isn't just a precaution, it's a necessity. Kurt “CyberGuy" Knutsson provides the essential backup checklist.

Kurt “CyberGuy" Knutsson reveals how a Redditor exposed false recycling claims at their apartment, highlighting a report that only 21% of U.S. recyclables are processed.

Kurt "CyberGuy" Knutsson offers a travel toolkit featuring five technology tools to help you with booking flights and hotels for your summer vacation.

The bubble behind the clock on your iPhone can appear in different colors. Kurt "CyberGuy" Knutsson explains what each of those colors mean.

Scammers are using the power of artificial intelligence to mimic voices of people and are using the fake voices to commit crimes, like kidnappings.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

Tech guru Kurt "CyberGuy" Knutsson explains the science behind the Invisibility Shield, a 6-foot shield that makes people become invisible.

The International Olympic Committee on Friday announced plans to use AI in various Olympic aspects, including athlete identification, training and judging.

Tech guru Kurt "CyberGuy" Knutsson explains an easy trick to avoid squinting while working or surfing the web by zooming in on your personal computer.

Streaming giant Roku has recently been targeted by a pair of cyberattacks, and the company confirmed over a half million Roku accounts were compromised.

The Land Aircraft Carrier combines an all-terrain, six-wheeled vehicle with a two-seat aircraft, which features electric vertical takeoff and landing.

The European Union has sent TikTok a "request for information" on the video sharing platform's newest app, TikTok Lite, under the Digital Services Act, with the aim to clean up social media.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

The FBI is warning the public about a recent phishing scam via text that claims its targets owe money in Pennsylvania for unpaid road toll charges.

Your Apple Music settings may be revealing to your contacts what you're listening to. Kurt "CyberGuy" Knutsson explains the process to change those settings.

Learn how to secure social media accounts, implement legacy contacts, and create a digital estate plan to protect your online assets from 'ghost hackers' after your death.

A ported phone number scam is leading to more people having their identities stolen by sophisticated scammers. Kurt “CyberGuy" Knutsson tells you what you need to know.

The Great Pacific Garbage Patch, a vast marine debris vortex, is being tackled by The Ocean Cleanup’s innovative technologies. Kurt “CyberGuy" Knutsson explains.

Discover easy solutions to tame autocorrect frustration on iOS and Android devices. Turn off, customize and add personal touches to your typing experience.

Passwords and the Human Factor

Personal Technology