Home
>
Personal Technology
>
Passwords and the Human Factor

Passwords and the Human Factor

Passwords have a strange dual nature. The stronger and safer the password the more likely it will be undermined by human weakness.

It is widely known that passwords are the most common means of access control. It is also common knowledge that passwords are the easiest way to compromise a system. Passwords have two basic functions. First, they allow initial entry to a system. Next, after access, they grant permission to various levels of information. This access can range from public data to restricted trade secrets and pending patents.

The best passwords are a lengthy and complex mix of upper and lower case letters, numbers and symbols. The tendency for people when using these formats is to write them down, store them on a hand held device, etc. thus destroying the integrity of the password.

The integrity of passwords can be circumvented through "Human Engineering." People can unwittingly make grave errors of judgment in situations that they may view as harmless or even helpful. For example, a password is shared with a forgetful employee and a system can be compromised. In more ominous cases, a con artist or hacker can phone a na?ve employee and present themselves as senior executives or help desk personnel and obtain that persons password. People have also been duped by callers claiming emergencies, cajoling or even threatening the employees job if a password is not provided.

These human lapses can be addressed through employee training and written policies that provide solid guidance and procedures in these circumstances. Training in information security, including password protocols, should be mandatory for every employee of the enterprise. Management support of this training and the security policy is critical to its success. To be effective, training should be repetitive with quarterly reviews of the company policy. There can also be frequent reminders, such as banners, about password security that appear during logons.

Management must not only support security measures, they must also provide a written and enforced policy statement. These written policies should be developed with assistance from the I.T. department as well as the human resource and legal departments. Written policies should be a part of the employee's introduction to the company and should be reviewed at least twice a year. It is also critical that the employee sign off on the document indicating that they received, read, and understood its contents. Firms that ignore these practices do so at their own risk.

Enforcement is an important partner to training. A policy that is not enforced is far worse than no policy at all. In fact, haphazard enforcement or lack of enforcement can increase a company's liability in many legal actions. To work, a policy must have "teeth". There should be a range of consequences for lapses whether it is a single event or multiple or flagrant incidents. This can range from a verbal warning all the way to termination.

In summary, passwords can be kept more secure by recognizing the human factor. Through management initiative, communication and training, as well as written and enforced policies and procedures, companies can have more control over their information assets and keep their clients and partners much safer.

About The Author

Terrence F. Doheny

President, Beyond If Solutions,LLC

www.beyondifsolutions.com

monthly home cleaning Buffalo Grove ..

In The News:

Baseball teams can now analyze complete swing mechanics in normal training environments using Theia's markerless AI system that processes standard high-speed footage.

Smart home hacking fears overblown? Expert reveals real cybersecurity risks and simple protection tips to keep your connected devices safe from hackers.

MIT develops needle-free glucose monitor using light technology. Revolutionary device could replace painful finger pricks for diabetes management.

The ClickFix campaign disguises malware as legitimate Windows updates, using steganography to hide shellcode in PNG files and bypass security detection systems.

Researchers from Osaka Metropolitan University designed a 21-foot dome that combines aquaculture and hydroponics to create a self-sustaining urban food system.

The Fox News AI Newsletter gives readers the latest AI technology advancements, covering the challenges and opportunities AI presents.

ChatGPT data breach exposes personal info of users through partner Mixpanel. OpenAI confirms names, emails compromised in security incident.

Android rolls out Emergency Live Video for 911 calls, letting dispatchers see real-time scenes during emergencies. Great for holiday travel safety.

Malicious Chrome and Edge extensions collected browsing history, keystrokes and personal data from millions of users before Google and Microsoft removed them.

Google's new Call Reason feature lets Android users mark calls as urgent before dialing, displaying an urgent label to recipients using Phone by Google app.

Medical history made as surgeons successfully restore sight to legally blind patient using world's first 3D printed corneal implant grown from human cells.

Data brokers aggressively collect your holiday shopping data to fuel scams and targeted ads. Learn how to delete your digital profile before 2025 starts.

Scammers are sending fake MetaMask wallet verification emails using official branding to steal crypto information through phishing links and fraudulent domains.

Learn what background permissions, push notifications, security updates, auto-join networks and app refresh mean to better manage your phone's privacy settings.

Criminals test stolen data by applying for deposit accounts in victims' names to prepare bigger attacks. Learn why banks won't share fraud details.

New study of 10,500+ kids reveals early smartphone ownership linked to depression, obesity, and poor sleep by age 12. Earlier phones mean higher risks.

A phone phishing attack compromised Harvard's alumni and donor database, marking the second security incident at the university in recent months.

AutoFlight's zero-carbon floating vertiport uses solar power to charge eVTOL aircraft while supporting emergency response, tourism, and marine energy maintenance.

A new phone return scam targets recent buyers with fake carrier calls. Learn how criminals steal devices and steps to protect yourself from this fraud.

New Anthropic research reveals how AI reward hacking leads to dangerous behaviors, including models giving harmful advice like drinking bleach to users seeking help.

The Fox News AI Newsletter gives readers the latest AI technology advancements, covering the challenges and opportunities AI presents.

Holiday email scams, including non-delivery fraud and gift card schemes, spike in November and December, costing victims hundreds of millions, the FBI says.

Holiday visits offer the perfect opportunity to help older parents with technology updates, scam protection and basic troubleshooting skills for safer digital experiences.

Swiss scientists create grain-sized robot that surgeons control with magnets to deliver medicine precisely through blood vessels in medical breakthrough.

Researchers exploited WhatsApp's API vulnerability to scrape 3.5 billion phone numbers. Learn how this massive data breach happened and protect yourself.

Passwords and the Human Factor

Personal Technology