Why Passwords Are Failing to Keep Systems Secure
When first designing a system, using a password to keep your data secure might be the first thing you think of. However, this is rarely enough to protect your sensitive information.
This is because human memory is often not good enough to store a strong password, and most passwords that are easy to memorise are also easy to guess. For example, it has been found that people generally pick things like their date of birth, the name of a relative or a pet’s name. Each of these may be easy to remember, but they are also easy to guess for someone who knows you (or who has seen your social media account). It has also been documented that more than 50% of people use the top 25 most common passwords, a list that includes passwords such as ‘123456’, ‘qwerty’ and ‘111111’. Using any one of these would make things incredibly easy for a would-be hacker, who may not even need to use password cracking software.
However unlikely it is that a user of a system at work would choose one of these passwords, the problem of human memory remains. If a user is forced to have a particularly strong and hard-to-memorise password, it is very likely that they will either reuse it for everything that requires a strong password, or forget it. This generally means that when a user has to remember a particularly difficult password, they write it down and leave it on their desk or monitor. Others store their passwords on their mobile devices, which in itself would not be such a risk if it were not for the fact that most users do not think it necessary to give their mobile phones the security such a task needs.
If a user cannot write their password down on paper or on their phone, what should they do? A recent survey by Centrify of internet users based in the UK and US found that companies lose about £261 per person per year on password retrieval, so memorising looks like a bad idea. There is, of course, software that can be purchased to help keep track of all the passwords you use, but the stored passwords have to be backed up securely and regularly. In addition, if the computer the software is on fails or is hacked, you potentially have to recreate all your passwords.
With passwords being either hard for the user to remember or too easy for a hacker to guess, it has been found that using biometrics is the way forward, and using SmartSign to alleviate the dependency on passwords could be just what your system needs. The new biometric authentication will eliminate the risks associated with using a password, increase security and improve productivity.