For all the technical advances that businesses have adopted in recent years, it often still comes down to individual habits that can make or break security. One of the cornerstones of security is the password. All machines and systems rely on passwords to separate users from privileged data, and good passwords solidify that separation.
A recent blog post written by Nelson Cicchitto, the CEO of Avatier, an identity management company, reflects on the nature of business security and the vulnerability in the system that is passwords. Cicchitto explains that, according to a recent Verizon study, 76 percent of all breaches over the past couple of years have occurred because passwords were either leaked or stolen. Concerning that figure, he expresses his amazement that password management best practices are not making headway in enterprises.
"It amazes me that, despite all the money being spent on security measures, from endpoints to data leak prevention to database security, the single largest vulnerability continues to be passwords," Cicchitto says in his post.
The fact of the matter is that password management techniques can achieve success if implemented properly. Cicchitto says these techniques include the use of strong passwords that are changed often and not reused, password encryption, single sign-on portals, intruder detection and lockout, and IT support for lost passwords. There are a lot of systems at play as well as interplay between systems.
First, IT managers must educate employees about the hazards of using poor passwords. Hackers can easily guess or forge those that are too short; alternatively, employees may be unable to remember passwords that are too long. IT software should be able to make sure that employees create passwords that have enough entropy, contain a mix of letters and numbers, and meet a minimum length. From there, employees will need to learn how to make passwords that are easy for them to remember but also compatible with the IT systems.
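The checks described above (minimum length, a mix of letters and numbers, enough entropy) together with the "not reused" rule can be enforced at password-change time. The following is an added example, not code from Cicchitto's post or from Avatier; the thresholds, function names and the pool-size entropy estimate are assumptions, and that estimate is only an upper bound that does not detect dictionary words.

```python
import hashlib
import hmac
import math
import os
import string

# Assumed policy thresholds (not from the article); tune to your own standard.
MIN_LENGTH = 12
MIN_ENTROPY_BITS = 70
PBKDF2_ROUNDS = 200_000


def estimate_entropy_bits(password):
    """Upper-bound estimate: length * log2(size of the character pools used)."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation or c == " " for c in password):
        pool += 33
    return len(password) * math.log2(pool) if pool else 0.0


def hash_password(password, salt=None):
    """Return (salt, digest) so history is stored salted and hashed, never in clear."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_password(password, history):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        problems.append("needs letters and numbers")
    if estimate_entropy_bits(password) < MIN_ENTROPY_BITS:
        problems.append("low entropy")
    # Compare against each stored (salt, digest) pair in constant time.
    for salt, digest in history:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("reused")
            break
    return problems
```

Returning every violation at once, rather than stopping at the first, lets a self-service portal tell the user everything to fix in one attempt.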
IT can also encourage better password habits by making it easy for users to sign on to internal networks. A user should only need to sign on once with a single password. Once he has to remember more than one, he will begin to develop bad habits because he fears forgetting multiple logins. Single sign-on systems make this possible by providing employees with a central portal for network access; then they work with identity management systems to control user permissions for directory access. The single point of entry makes it easy for employees; the identity management makes it easy for IT.
Password syncing across systems can also make it easier for employees to use multiple systems because their passwords will allow them to access multiple systems that have different logins, such as Active Directory and Unix servers. Syncing makes sure that a single person's multiple usernames, perhaps built on his name, such as NELSONC for Cicchitto, recognize his single password.
Finally, self-service password management systems, Cicchitto says, can save organizations a lot of money in the long run. People continuously have problems remembering their passwords, so they are continuously calling IT to help retrieve their credentials. Even if employees only have one login at work, they may have several others that stretch across their digital lives with email, social media, and personal device access. A self-service portal may cost IT extra in the short term, but it can be a massive time-saver and, as such, it can address a problem before it begins and begin to return on the investment within as few as six months.