Pass up on the passed-on passwords

The securing of IT systems has never been straightforward but the increasingly sophisticated nature of the cyber threats that stalk IT systems today is putting even greater pressure on organisations to lock down systems and sensitive data.

A major question is how long it will be before the de facto standard authentication technology — the password — reaches its sell-by date.

The nature of hacking has changed significantly in recent times. Today hacking and other computer threats are operated with criminal intent to make money rather than being an ego trip or profile-raising exercise.

These developments are tightly coupled with criminals now exploiting strong social engineering elements, from a user trading a password for a bar of chocolate in a railway station survey, up to sophisticated targeting of individuals.

Password vulnerable
The vast majority of users still log on to their PCs, and with that gain their access to enterprise systems, applications and data, via a password. This method has never been recognised as being particularly secure.

Users like to employ simple passwords or ones that anyone with a little personal knowledge or some simple password generator software could crack quickly.

Most systems can now be set to block the use of simple passwords, but when this occurs users frequently complain about the complexity they have to use and often resort to writing the password down on a convenient sticky note placed under the keyboard.

There are a number of other ways that a second authentication factor can be brought into play. For example, one-time token generation devices are widely available and relatively straightforward to implement. Sending the user a one-time code to their cell phone via SMS is also on the increase.

Clearly the base-level of security needs to improve. The resources to do so are now widely available and most are reasonably reliable.

Many devices now come equipped with smart card slots or fingerprint scanners, either or both of which can significantly enhance the security of the device.
