The fine art of password protection

Tuesday, 8 July 2003, 8:57 AM EST

Passwords are both the universal language for network navigation and the weakest link in network security, as fraught with peril as they are essential.

Experts say that because they are so closely linked to the ever-fallible human element, passwords cause the most headaches of any security mechanism. However, any enterprise, large or small, can take steps to minimize risk without resorting to cutting-edge and costly technologies like biometrics.

"The fact is that most people don't take the basic steps to protect their passwords, like changing them, so if passwords are a last line of defense, a network administrator has to take it upon himself to make sure it happens," Gartner vice president John Pescatore told the E-Commerce Times.

Security experts have long advocated forcing employees to reset passwords every quarter or even more often, especially if they are accessing sensitive data. However, passwords are already notorious at IT help desks, where lost passwords or locked-out employees absorb a considerable amount of valuable support staff time. More frequent password changes likely would increase the proportion of such calls.

[ Read more ]

Related items


More than 900 embedded devices share hard-coded certs, SSH host keys

SEC Consult analyzed firmware images of more than 4000 embedded devices of over 70 vendors and found that, in some cases, there are nearly half a million devices on the web using the same certificate.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th