Personal Technology Information

Passwords and the Human Factor


Passwords have a strange dual nature. The stronger and safer the password the more likely it will be undermined by human weakness.

It is widely known that passwords are the most common means of access control. It is also common knowledge that passwords are the easiest way to compromise a system. Passwords have two basic functions. First, they allow initial entry to a system. Next, after access, they grant permission to various levels of information. This access can range from public data to restricted trade secrets and pending patents.

The best passwords are a lengthy and complex mix of upper and lower case letters, numbers and symbols. The tendency for people when using these formats is to write them down, store them on a hand held device, etc. thus destroying the integrity of the password.

The integrity of passwords can be circumvented through "Human Engineering." People can unwittingly make grave errors of judgment in situations that they may view as harmless or even helpful. For example, a password is shared with a forgetful employee and a system can be compromised. In more ominous cases, a con artist or hacker can phone a naďve employee and present themselves as senior executives or help desk personnel and obtain that persons password. People have also been duped by callers claiming emergencies, cajoling or even threatening the employees job if a password is not provided.

These human lapses can be addressed through employee training and written policies that provide solid guidance and procedures in these circumstances. Training in information security, including password protocols, should be mandatory for every employee of the enterprise. Management support of this training and the security policy is critical to its success. To be effective, training should be repetitive with quarterly reviews of the company policy. There can also be frequent reminders, such as banners, about password security that appear during logons.

Management must not only support security measures, they must also provide a written and enforced policy statement. These written policies should be developed with assistance from the I.T. department as well as the human resource and legal departments. Written policies should be a part of the employee's introduction to the company and should be reviewed at least twice a year. It is also critical that the employee sign off on the document indicating that they received, read, and understood its contents. Firms that ignore these practices do so at their own risk.

Enforcement is an important partner to training. A policy that is not enforced is far worse than no policy at all. In fact, haphazard enforcement or lack of enforcement can increase a company's liability in many legal actions. To work, a policy must have "teeth". There should be a range of consequences for lapses whether it is a single event or multiple or flagrant incidents. This can range from a verbal warning all the way to termination.

In summary, passwords can be kept more secure by recognizing the human factor. Through management initiative, communication and training, as well as written and enforced policies and procedures, companies can have more control over their information assets and keep their clients and partners much safer.

About The Author

Terrence F. Doheny

President, Beyond If Solutions,LLC

www.beyondifsolutions.com

terry@beyondifsolutions.com


MORE RESOURCES:

03/28/2024
Oregon's Breakthrough Right-to-Repair Bill Is Now Law
Companies will no longer be allowed to use software checks to verify replacement parts in a major step forward for the right-to-repair movement.


more info


03/28/2024
Bug Zappers Are Swarming on Amazon
Amazon listings for low-cost tech products can send shoppers down a rabbit hole of weird brand names, duplicate listings, and suspect reviews. Data from Fakespot shows bug zappers are ascendant.


more info


03/28/2024
The 30 Best Shows on Max (aka HBO Max) Right Now
From "Curb Your Enthusiasm" to "The Regime," here's everything you need to be watching on Max this month.


more info


03/28/2024
FTX Founder Sam Bankman-Fried Sentenced to 25 Years in Prison
A US judge has sentenced Sam Bankman-Fried, one-time crypto wunderkind, to 25 years behind bars.


more info


03/28/2024
Bill Burr Answers The Web's Most Searched Questions
Bill Burr joins WIRED to answer his most searched questions from Google. What's his best comedy special? What kind of helicopter does he fly? How did he end up in The Mandalorian? Can he play the drums? The comedian answers all these questions and more!Check out Bills film, Old Dads, on Netflix: https://www.netflix.com/title/81674327His Monday Morning Podcast: https://open.spotify.com/show/5SFiQlOQ3EKmwp0chE1QzYAnd all of his tour dates: https://billburr.com/#tourdates


more info


03/28/2024
The Best Umbrellas to Help You Ride Out the Rain
These picks will protect you from showers, withstand the wind, and hold up for the long haul.


more info


03/28/2024
A First Look at Samsung’s 2024 TV Lineup
Samsung’s new OLED cuts the glare, while its Music Frame speakers sound much better than what you’d expect from such a compact design.


more info


03/28/2024
RFK Jr. Has Assembled His Anti-Vax Conspiracy Squad
Nicole Shanahan, RFK Jr.’s VP pick, seems to have already embraced her running mate’s conspiratorial thinking.


more info


03/28/2024
Is a Nintendo Switch Worth Buying Right Now?
Rumors abound about the Switch’s successor, but that shouldn’t deter you from jumping into the wonderful library of exclusive games on Nintendo’s platform.


more info


03/28/2024
The Earth Will Feast on Dead Cicadas
Two cicada broods, XIX and XIII, are emerging in sync for the first time in 221 years. Birds, trees, and dirt are about to get the banquet of a lifetime.


more info


03/28/2024
What the Apple Antitrust Suit Means for the Future of Messaging
This week, we talk about the US Department of Justice’s lawsuit against Apple, and how its outcome—whether Apple wins or loses—might change how we text each other.


more info


03/28/2024
Jeffrey Epstein's Island Visitors Exposed by Data Broker
A WIRED investigation uncovered coordinates collected by a controversial data broker that reveal sensitive information about visitors to an island once owned by Epstein, the notorious sex offender.


more info


03/28/2024
19 Best PS5 Games, From Sci-Fi Horror to Kitty-Cat Adventures
The Sony PlayStation 5 is sitting atop a treasure trove of games and these are our favorites.


more info


03/28/2024
The White House Puts New Guardrails on Government Use of AI
Vice President Kamala Harris says new rules for government AI deployments, including a requirement that algorithms are checked for bias, will “put the public interest first.”


more info


03/28/2024
Meet the Designer Behind Neuralink’s Surgical Robot
Afshin Mehin has helped design some of the most futuristic neurotech devices.


more info


03/27/2024
The Baltimore Bridge Collapse Is About to Get Even Messier
Closing the city’s seaport will send shockwaves across global shipping. Supersize container ships pose a growing risk to bridges and other infrastructure when things go wrong.


more info


03/27/2024
Online Conspiracies About the Baltimore Bridge Collapse Are Out of Control
Conspiracy theorists are calling the Baltimore bridge collapse a “black swan event,” and blaming everything from Israel to DEI to Covid vaccines.


more info


03/27/2024
‘Malicious Activity’ Hits the University of Cambridge’s Medical School
Multiple university departments linked to the Clinical School Computing Service have been inaccessible for a month. The university has not revealed the nature of the “malicious activity.”


more info


03/27/2024
Our Favorite Garmin Smartwatches Are on Sale
Spring has sprung! Whether you want to run, surf, or sleep in, we've gathered the best discounts on a few of our favorite fitness trackers.


more info


03/27/2024
The Best Nintendo Switch Accessories
Here are some screen protectors, chargers, and other extras for your handheld companion.


more info


03/27/2024
Inside the Creation of the World’s Most Powerful Open Source AI Model
Startup Databricks just released DBRX, the most powerful open source large language model yet—eclipsing Meta’s Llama 2.


more info


03/27/2024
The Next Generation of Cancer Drugs Will Be Made in Space
Injectable immunotherapy drugs can be made, in theory, but gravity prevents them from crystallizing correctly. A startup thinks the solution could be right above us.


more info


03/27/2024
The Science of Crypto Forensics Survives a Court Battle—for Now
A jury convicted Roman Sterlingov of money laundering this month. His defense team says it will appeal, saying the crypto-tracing technique at the heart of the case is “pseudoscience.”


more info


03/27/2024
‘$5,000 to Save a Life Is a Bargain’
Here’s Elie Hassenfeld, your high school EA crush. As effective altruism spirals into self-doubt, the idealist quant is still at it, helping Silicon Valley richies give away hundreds of millions each year.


more info


03/27/2024
The Deaths of Effective Altruism
Sam Bankman-Fried is finally facing punishment. Let’s also put his ruinous philosophy on trial.


more info



home | site map | contact us