With or without the help of a password hacking tool, it is far too easy for passwords to be compromised. Simple passwords (even Barack Obama admits to using them) can be hacked with a little trial and error, whilst even the more complicated passwords can be bypassed with ease – there’s even a conference dedicated to the art form.
And the bad news doesn’t end there; hacked passwords are not the only form of mismanagement for this thin layer of security. Individuals are now being coerced into creating an agonising number of passwords (for seemingly every aspect of life), so are repeating and reusing the same passwords over and over. If one use of the password is compromised, every other use of the same password may be at risk. Alternatively, users who diligently use a different password for every account, or regularly change their password, are more at risk of forgetting passwords – inhibiting their ability to use the password-protected service.
Sadly, even when a host of different, regularly-changing, passwords are being implemented, there’s still no guarantee a half-decent hacker won’t be able to figure out the password.
The fallibility of the password is not a new phenomenon, for as long as there’s been closed doors, there’s been those trying to bust their way in. This helped pave the way for password management tools, offering hope to millions that their passwords could be safely stored away from thieving hands. Inevitably, cyber criminals have mercilessly targeted these resources – tailoring the Citadel Trojan malware to specifically infiltrate password management tools.
So if passwords aren’t safe, password protection isn’t safe, and if individuals can’t be trusted to remember their password information – why are we persisting with passwords as a security solution?
When cyber criminals are continuously improving their techniques and processes, why do some businesses insist on using a security system that is more than 50 years old? Even Fernando Corbató, who developed the first known computer password in the early 60s, acknowledges that the technology is not secure in the current climate.
These questions are particularly pertinent when we consider the more robust access control solutions which are widely available to provide security and improved identity management. If the data is worth the effort of protecting, it should be protected comprehensively. Modern identity and access management technology offers many solutions such as multi-factor authentication – providing layers of control and security for online data.
At ProofID, we are happy to talk to you about your access control issues – offering bespoke solutions, incorporating multi-factor authentication, which utilise cutting edge identity authorisation technologies and techniques. Regardless of your industry or sector; your employees, customers, clients, partners and suppliers would benefit from the implementation of a more comprehensive identity management system.