The Perils of the Password – How to Protect Your Business Continuity

How many passwords do you have? How many can you remember – and what do you do about the others? Business and consumer life is controlled to a significant degree by passwords. It’s a balancing act between making them memorable for their rightful owners and not opening the door to password abuse or theft. The business continuity challenges organisations face include weeding out passwords like ‘secret’, ‘1234’ or just ‘password’, restricting knowledge of a password to those who should have it, and dealing with passwords that have been forgotten.

One solution is the password management applications now available to both organisations and consumers. Consumers can put their passwords behind a single master password that unlocks an encrypted vault, so only that one password needs remembering (a well-designed service stores the vault encrypted and never learns the master password itself). Enterprises can enhance business continuity via self-service portals that let users reset passwords they can no longer remember or unlock their accounts; the caveat is that the reset flow then becomes part of the attack surface, so the identity checks it performs need to be at least as strong as the password it replaces. IBM has predicted that forgetfulness will no longer be a factor by around 2016, because biometric security for PCs and ATMs will overtake today’s passwords and PINs. For the moment, however, we are still operating in alphanumeric mode, with a few special characters thrown in.

Notwithstanding the uniqueness of people’s voices and eyes (the justification for using biometrics), good password management, like information security generally, starts with good user behaviour. Online services and IT applications may help, but they cannot protect against a user carelessly sharing a password with another person, or lazily picking one of the easy-to-guess passwords listed above. Giving users some basic guidance on working with passwords is essential: avoid easily guessable ones (including dates of birth and other personal details), and keep passwords strictly personal and confidential. And if in doubt, ask the hackers – many would agree that an organisation with strong technical protection but poor user security awareness is much easier to break into than the reverse.
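The two pieces of advice above – weed out passwords like ‘secret’ or ‘password’, and keep dates of birth and other personal details out of them – can be enforced at the point where a password is set rather than left to user memory. The following is an added example, not code from the original article or from any product it mentions, of such a screening check. The denylist is a constructed sample, the 12-character minimum is an assumed policy value, and the user details passed in are illustrative.

```python
# Added example: a password screening check run when a user sets a password.
# It rejects entries on a common-password denylist (including leetspeak and
# trailing-digit variants), the user's own username or date of birth, and
# simple keyboard or digit sequences. Not code from the original article.
import re
from datetime import date

# Constructed sample denylist. A real deployment would load a large list of
# breached/common passwords; these few entries only illustrate the check.
COMMON_PASSWORDS = {
    "password", "secret", "1234", "12345", "123456", "qwerty", "letmein",
    "welcome", "admin", "passw0rd",
}

MIN_LENGTH = 12  # assumed policy value

# Sequences whose 4-character runs (forwards or backwards) count as trivial.
_SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
              "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def _normalise(pw):
    """Undo common leetspeak substitutions so 'p@ssw0rd' compares as 'password'."""
    return pw.translate(str.maketrans("@$0134!|", "asoleail"))


def _dob_fragments(dob):
    """Digit strings a user is likely to build from a date of birth."""
    y, m, d = dob.year, dob.month, dob.day
    return {
        f"{y}", f"{d:02d}{m:02d}", f"{m:02d}{d:02d}",
        f"{d:02d}{m:02d}{y}", f"{d:02d}{m:02d}{y % 100:02d}",
        f"{y}{m:02d}{d:02d}", f"{m:02d}{d:02d}{y}",
    }


def _has_sequence(pw, run=4):
    """True if the password contains a run of `run` adjacent keys or digits."""
    low = pw.lower()
    for seq in _SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def check_password(pw, username=None, dob=None):
    """Return the list of reasons the password is rejected (empty = accepted)."""
    reasons = []
    lower = pw.lower()
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    # Compare the whole password, and its core with trailing digits/punctuation
    # removed and leetspeak undone, so 'P@ssw0rd2024!' still matches 'password'.
    core = _normalise(re.sub(r"[\d\W_]+$", "", lower))
    if lower in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        reasons.append("on the common-password denylist")
    if username and username.lower() in lower:
        reasons.append("contains the username")
    if dob and any(frag in pw for frag in _dob_fragments(dob)):
        reasons.append("contains the user's date of birth")
    if _has_sequence(pw):
        reasons.append("contains a keyboard or digit sequence")
    return reasons


if __name__ == "__main__":
    # Illustrative user details, constructed for the example.
    user, born = "alice", date(1985, 3, 15)
    for candidate in ["password", "P@ssw0rd2024!", "Alice15031985!!",
                      "Blue!Teapot#Winter"]:
        verdict = check_password(candidate, user, born)
        print(f"{candidate!r}: {'accepted' if not verdict else '; '.join(verdict)}")
```

The check deliberately reports every reason rather than stopping at the first, so the feedback a user sees explains what to change. In production the denylist should be a large breached-password corpus rather than a handful of words, and the comparison must happen server-side: a client-side check alone can be bypassed.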