It’s hard to imagine that those tiny dots can lead to such personal frustration and corporate collapse. Passwords in many cases are the only thing standing guard over your sensitive information. From an organization’s perspective, they may have hundreds or even thousands of individual passwords that protect company data and all of them are ripe for the picking. In today’s world you need passwords for everything, from your social networking sites to your online banking account. People are busy running in a million different directions so nobody has the desire to memorize 10-20 passwords. I’m guilty of it as well, using the same password for multiple accounts. This concept of password reuse is the biggest problem with passwords in general according to John Sawyer, who wrote a piece for DarkReading.com called “How to Hack the Password Problem.”
In theory, people are going to do what is easy and convenient for them and memorizing a bunch of passwords falls into neither of those categories. Organizations will typically conduct some kind of security awareness training to emphasize the power of their employees’ passwords and why it is critical they take it seriously. That only goes so far though and what you might end up with are employees putting all of their passwords into an easily accessible spreadsheet or, worse yet, writing them down on a sticky note. Instead, Sawyer recommends simple desktop based management tools like Password Safe or LastPass and enterprise single sign-on solutions such as those offered by Oracle and CA. He ends with this comment, which I think hit the nail on the head in terms of password issues with users:
“…if a company wants to address an issue like passwords, then it has to make it easy for the
user and not rely solely on the user to be the more secure link in the chain.”
Then again, some feel that passwords are becoming obsolete altogether due to their unfriendly nature. How do you feel about passwords in general and what steps does your organization take to address password security?