The Password Issue

If you then try harder and go for a more complex solution it often gets forgotten or, worse still, written down. So, how can businesses ensure that their employees use the best password security to guard their data safely?

Colin Tankard, Managing Director of data security company Digital Pathways, thinks that companies need to take more responsibility for helping their employees manage the myriad passwords used in the workplace that need to be remembered.

Tankard advises that companies should have good and robust passwords that are regularly changed in order to maintain good governance.

A robust password is one that uses both upper- and lower-case letters, special characters and non-sequential elements, and is not a word in itself. It should be changed at least every 30 days. And, ‘therein lies the rub’, this puts a huge burden on employees as, left to their own devices, it is unlikely that anyone would be able to even ‘dream up’ such a password.

The process results in passwords being written down in order to remember them, with the worst-case scenario being a ‘Post-it’ note stuck on the side of the monitor.

Says Tankard, ‘Companies must deploy smarter forms of user authentication such as tokens or certificates or authentication software such as biometrics.

‘This technology simplifies the log-on process for users and defeats hackers or monitoring software as the log-on is unique each time the user accesses a system. Such technology is regularly used for online banking services and easily adapts to new technologies such as cloud or managed services’.

The options available for authentication are numerous. These range from physical tokens that generate one-time-only passwords, through tokens available on mobile phones and USB tokens that securely store a certificate, to fingerprint readers and, more scarily, retina scanning.

Tankard continues, ‘Some of these techniques can engender user resistance, such as retina scanning, and some can be temperamental, such as fingerprint readers. This leads to user complaints and more work for the technical support department.

‘Tokens, on the other hand, are more reliable and easily understood by the user. Often the only issues are the cost of the token and the management of lost or broken tokens, but this can be reduced by using soft tokens, which can be used on multiple devices and reinstalled should the device change or be lost.

‘There is an authentication mechanism for all organisations – large or small – that is able to fit within budget, meet business requirements and match the user role. It is simply a case of taking responsibility and improving the level of security by ensuring better control.’