Password Policy Strengthening Options
Suzanne Peck
Humans are very predictable, and unless we are the victim of a substantial data breach, we will probably assume our company’s network is safe and that we are doing a decent job protecting it. Companies may slide by for years and not be on a hacker’s radar; but truth be told, if you are not taking precautions to secure your company’s network, you should be counting down the days until your network is hacked. There are numerous ways a company can be hacked; a few are explained here.
Commonly, companies realize that they have weak passwords after a data breach or from the results of an IT audit. As we all know, everyone has their own priorities and their own view of the “right” way to approach an objective. The IT Administrator or Network Manager will have their own ideas about the best way to protect the company’s network, and the CIO or CISO might have a different idea. Here are a few common ideas that your management will think are appropriate solutions to preventing data breaches due to weak passwords:
• Purchasing a Password Vault Software
• Educating/Training Employees on Password Security
• Using USB Drives for Multifactor Authentication
• Purchasing a Password Filter for Windows AD
All of the options listed above seem like plausible solutions. However, from an IT security standpoint, let me shine some light on each idea to help you when discussing with your management team which option will solve your problem of weak, easily hacked passwords.
• A password vault is a great idea and concept. It stores all of your passwords under one single login, and all you have to do is remember the one password that “unlocks the vault.” However, if there is no password policy enforced when creating the master password, then you just made the hacker’s job easier for them by only having to crack one password.
• Educating and training company employees through seminars is a great way to inform employees of the dangers that are associated with using bad passwords. However, all the seminar actually did for the employees was give them a day off of work. There is nothing in place to make sure that they are not using passwords that are easily hacked. Read this study that shows how password education training has no impact on a user’s password choice.
• Using USB drives and enterprise cards as passwords is a unique idea. The user must have the additional piece of technology to access their computer. However, do you know how easy it is to lose a USB drive? According to ComputerWorld.com, in one year alone, 25,000 USB drives were left in UK and NYC taxis. Help desk calls will be on the rise with an overwhelming number of employees losing their additional piece of technology.
• Purchasing a Windows Password Filter is the most effective way to increase network security. The nFront Password Filter is a guaranteed method to make sure the written password policy you created is actually enforced. Included in the password filter is a dictionary check feature that will check each password created against a file with common, easily hacked passwords. This is fully customizable for your company. A few words included are Password, Summer, and Soccer. None of the previous options can do this.
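The dictionary check described above can be illustrated with the following added Python example, which is not nFront's code and not part of the original article. It goes beyond an exact-match lookup by folding case, dropping appended digits and symbols, and undoing common character swaps; the function names, the swap map and the minimum word length are assumptions made for illustration.

```python
import re

# Constructed sample list: the three words the article names as dictionary entries.
SAMPLE_WORDS = ["Password", "Summer", "Soccer"]

# Assumed map of common character swaps; illustrative, not exhaustive.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def load_dictionary(lines, min_len=4):
    """Build the word set from an iterable of lines (an open file works too).
    Words shorter than min_len are skipped to limit false rejections."""
    words = (line.strip().casefold() for line in lines)
    return {w for w in words if len(w) >= min_len}

def normalize(candidate, undo_swaps):
    """Fold case, optionally undo character swaps, keep letters only."""
    folded = candidate.casefold()
    if undo_swaps:
        folded = folded.translate(LEET)
    return re.sub(r"[^a-z]", "", folded)

def exact_match_check(candidate, dictionary):
    """Naive check: rejects only when the whole password is a listed word."""
    return candidate.casefold() not in dictionary

def dictionary_check(candidate, dictionary):
    """Return (accepted, matched_word). Rejects a password that contains a
    listed word after normalization, e.g. with digits or symbols appended."""
    forms = {normalize(candidate, False), normalize(candidate, True)}
    for word in sorted(dictionary):
        if any(word in form for form in forms):
            return False, word
    return True, None

if __name__ == "__main__":
    words = load_dictionary(SAMPLE_WORDS)
    for pw in ["Summer2024!", "P@ssw0rd1", "S0cc3r!", "Tr1ckyGiraffe#92"]:
        print(pw, exact_match_check(pw, words), dictionary_check(pw, words))
```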
With the insight I provided, there should be enough educational information to make an informed decision to protect your network.