We
have too many passwords, it is tough to remember all of them, they are not as
secure as we would hope (regardless of how ‘strong’ they are) and it costs IT
helpdesks a small fortune to handle the constant stream of reset requests.
These are all familiar pain-points of the password, but if a new survey is to
be believed it would seem that organisations need to watch their back, as one
in seven employees are willing to sell their passwords for as little as $150.
This
was the finding of a global survey conducted by the identity management company
SailPoint earlier this year. This says two things to me, the first is that
organisations need to better educate their employees as to the ramifications of
a security breech, as I am sure many people are naïve to what a determined
criminal can accomplish with one single password. Secondly, if people could be
tempted to disclose their password for such a relatively small sum of money, we
as security professionals need to take a close look at how we can remove the
temptation.
It
is often said that the human factor is often the weakest link in the security
chain. So clearly, the most obvious way to stop corporate passwords being sold
is to remove the need for people to have them in the first place. After all if
you don’t have it you can’t sell it! You may say “Easier said than done” but in
truth it is simple.
The ubiquity of passwords has for too long made IT departments and security professionals wary of replacing them. This is coupled with the fact that the available alternatives, such as biometrics, have been accompanied by hefty price tags, challenging roll outs and resource intense management. However, new solutions such as PINgrid are taking the elements of password-based security that work well and replacing those that don’t.
So,
if you are an employee you still login using a passcode, but it is a
one-time-code generated from a pattern that you have memorised within a simple
grid (either displayed on-screen, or via an app on a mobile device). Of course
an employee could sell their pattern but it would be worthless as the digits
within it are never repeated in the same sequence. Therefore, they would also
have to sell their device along with it and I don’t know anyone who would be
willing to be parted from their phones (whether their own device or a corporate
owned one) for a few minutes let alone sell it (apps intact) to a total
stranger!
Author: Alissa Lang, Winfrasoft
Protecting your business from a security breach isn't just about practicing safe tech. It's about hiring the right people, having a good security policy in place and employing common sense.
ReplyDeletebest data rooms
Great Article
DeleteIEEE Projects for Engineering Students
Final Year Projects for CSE
I have read your blog its very attractive and impressive. I like it your blog.
ReplyDeletecorporate training companies in india | corporate training in chennai | corporate training institutes in chennai | corporate training companies in chennai | Angular 2 Corporate Training