My Password? Sure, It's…
Ben Halpert / September 2007
Mobile Enterprise

Employee behavior leads us to law number two of four in Ben’s Laws of Mobile Data Security: User awareness alone is ineffective.

How many years have we been providing training on proper password creation and handling? You know: make sure the passwords are complex, change them every 30 days, don’t write your passwords down on yellow sticky notes, and so on. Such awareness training essentially forces employees to write down the newly created, complex passwords on yellow sticky notes. If organizations do not provide technology-based solutions to back up the requirements levied on the workforce, then such awareness training will be ignored. This behavior does not necessarily occur out of malice, but because employees may not be aware of a better alternative to the yellow sticky note.

So what is a better solution than the yellow sticky note? There are three broad categories of password-focused solutions: Single Sign-On (SSO), reduced sign-on, and password management applications. The myth of an implementable SSO (one password-based credential that would be utilized as the sole identifier) never materialized and subsequently morphed into diminished sign-on functionality. Reduced sign-on allows users to remember 30 passwords instead of 50, for example. An improvement, yes, but the original issue remains.

Password management applications provide a simple answer to the problem of the yellow sticky note. An example of an enterprise-focused, centrally managed password application is Passlogix’s v-GO Sign-On Platform. For smaller firms and individual use, take a look at the open source Password Safe solution.

After you provide training and a technology-based solution, you still have to worry about whom the user will relinquish their password to. A survey of 172 people in London, by Infosecurity Europe, found that 71 percent of users would give up their network access passwords for a bar of chocolate. I wish I were joking.

See you next month for law number three (and it is not “make sure your employees eat enough to stave off hunger”).


