
IT professionals believe passwords make them vulnerable

May 20, 2014 | Posted by Dan Raywood

There is a global distrust of passwords, as 97 per cent of IT professionals think they make their systems vulnerable to attack.


The survey of 300 attendees at Infosecurity Europe found that 97 per cent said they know that passwords make their systems vulnerable and pose a serious risk when accessing web applications. Yet we still use weak, static passwords for business-critical applications, despite 66 per cent of IT professionals saying that the average hacker could break a typical user’s password within minutes.


Thomas Capola, CEO of Sestus, said: “This survey highlights the real disconnect users have when it comes to their password security. Users understand that they are vulnerable because of easy access to weak passwords, yet they continue to fail to protect those passwords; and this is something that hasn’t changed in over 15 years. All the training and user education in the world doesn’t seem to deter people from using static passwords and keeping them stored in obvious places around the office.”


Another survey by F-Secure also showed that passwords remain a problem, even for tech-conscious consumers. Its poll of 224 social media users found that 43 per cent of respondents use the same password for more than one important account, although 57 per cent of poll respondents changed passwords after hearing about Heartbleed.


Sean Sullivan, Security Advisor at F-Secure, said: “Identify the critical accounts to protect, and then make sure the passwords for those accounts are unique and strong. If you created an account for some website and there’s hardly anything more in there than your username and password, then that’s probably not a critical account. But your Amazon account with your credit card info, your bank account, your primary email accounts, the Facebook account with your life story, these are examples of the critical ones. If you don’t have time or inclination to tackle everything, at least take care of those.”


Speaking to IT Security Guru, Get Safe Online CEO Tony Neate said that passwords are often one of the big talking points, especially with devices where most people will not bother with one. “We talk about passwords and having many of them, but you do not have one key for everything in life, you have multiple technologies with multiple keys,” he said. “You are told you have got to have one for each website and it has to be secure, but you cannot remember it so you write it down.”


Steven Hope, CEO of Winfrasoft, said that if technology worked, you would not need passwords. “How many passwords do you use in a day? I gave up at a dozen. Until you write them down, how many do you use in a week? If it is stolen how many applications could an attacker get into? We have existed on fixes and it is a nightmare, the only way is to get rid of passwords.”

