In-depth

Lost your password? Ask your children

Inside the enterprise: Apparently kids can hack most people's passwords. But strong authentication is still too costly for most businesses.

Password

Ask any IT helpdesk for their list of the most annoying and most frequent requests, and resetting users' passwords is very likely to be in the top five.

Users lose passwords. Or they forget to change them, they write them down on sticky notes, or store them in Excel files. Or else they just stick to simple ones they can remember, like Admin and Password.

Advertisement - Article continues below

A few years ago, Gartner, the IT research firm, looked at the cost of resetting passwords. A password reset call cost between 7 and 25 per incident, and they accounted for 30 per cent of helpdesk work. Other analysts have put the amount of time IT teams spend resetting passwords even higher.

So IT directors might be interested to learn that, apparently, cracking a password is child's play. Literally. SecurEnvoy, an IT security vendor, reckons that kids can use information stored on adults' social networking profiles to uncover enough personal information to hack passwords.

Security questions such as a user's mother's maiden name are especially easy to uncover, according to Andy Kemshall, SecurEnvoy's CTO. This, coupled with workplace information, such as email addresses, from sites such as LinkedIn, is more than enough to breach security. All a hacker needs to do is pose as a legitimate user, call up the helpdesk, and receive a new set of credentials.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Whether the "average kid" is going to go to such lengths is open to question. But another survey, this time from Experian, suggests that few of us take suffient precautions with either our personal information, or our passwords. The average Briton has 26 online accounts younger adults as many as 40 yet we use just five passwords to secure them. Experian didn't specifically ask whether people use the same passwords for work and personal accounts, but the odds are that many of us do.

Unfortunately, this is a problem that is still in search of a practical solution. Biometric security fingerprints, iris scans, or even voice prints has potential. But all biometrics are expensive to deploy: there is the cost of the equipment and softwarae, and the cost of verifying and enrolling users. And, with the exception of voice, all biometric IDs need new hardware. Then there is the problem that many of us find biometrics too intrusive for day to day use.

Advertisement - Article continues below

Strong, two-factor authentication, such as a token or smart card, is another option. But again, these are not cheap, and confidence in tokens has been undermined by the RSA hack. As with any system that relies on a single gateway, there is also a single point of failure. Move to single sign on with tokens, and if your token system is hacked or circumvented, your systems are wide open.

Until industry comes up with a better, cheaper alternative to passwords, the best measures CIOs can take are to educate staff to use strong passwords, and to change them often.

And if all else fails, the schools break up soon. So there will be plenty of sixth-formers around who will be happy to take a summer job in the IT security department.

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020
Visit/security/internet-security/355228/mozilla-fixes-two-firefox-zero-days-being-actively-exploited
internet security

Mozilla fixes two Firefox zero-days being actively exploited

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020