Security Note: Stop Writing Passwords on Post-its

By Ben Halpert — August 01, 2007

How many years now have we been providing proper password handling and creation training? You know, make sure the passwords are complex, change them every 30 days, don’t write your passwords down on yellow sticky notes, etc. Such awareness training essentially forces employees to write down the newly created, complex passwords on yellow sticky notes. If organizations do not provide technology-based solutions to back up requirements levied on the workforce, then such awareness training will be ignored. This behavior does not necessarily occur out of malice, but because employees may not be aware of a better alternative to the yellow sticky note.

So what is a better solution? There are three broad categories of password-focused solutions: Single Sign-On (SSO), reduced sign-on and password management applications. The myth of an implementable SSO (one password-based credential that would be utilized as the sole identifier) never materialized and subsequently morphed into reduced sign-on functionality. Reduced sign-on allows users to remember 30 passwords instead of 50, for example. An improvement, yes, but the original issue remains.

Password management applications provide a simple answer to the problem of the yellow sticky note. An example of an enterprise-focused, centrally managed password application is Passlogix’s v-GO Sign-On Platform. For smaller firms and individual use, take a look at the open source PasswordSafe solution.

After you provide training and a technology-based solution, you still have to worry about who the user will relinquish their password to. A survey of 172 people in London, by Infosecurity Europe, found that 71 percent of users would give up their network access passwords for a bar of chocolate. I wish I were joking.

Ben Halpert works for a leading defense firm and writes monthly about security for Mobile Enterprise magazine. Comments, questions and requests can be sent to him at editor@mobileenterprisemag.com; please include SECURITY in the subject line.
