Passwords: The Weakest Link

By Nick Savvides, Business Manager, Information Protection, Symantec

Most of us depend on passwords to protect our information and, more importantly, our online identities. But passwords may be the largest security liability of the internet. They put consumers, corporations and the wider online world at significant risk due to numerous weaknesses:

  1. People. Most organisations allow users to create their own passwords, and people tend to choose memorable passwords rather than secure ones. 91 percent of all passwords used are found in the top 1000 most used passwords and more than 10 percent of PINs picked at random will be 1234.
  2. Passwords are easily lost or stolen. Many people reuse the same password on multiple sites for convenience – creating a massive exposure for an individual’s entire online identity. Once a hacker has the password to one account, they can unlock a huge quantity of personal, financial and corporate information.
  3. Recovery is flawed. If a user loses or forgets a password, the usual recovery method involves questions only they should know the answer to. Unfortunately, the answers to these questions can often be found elsewhere online or can be stolen by hackers using social engineering methods.

Today’s IT departments face the challenge of supporting an explosion of cloud-based apps and always-connected devices, where many times the only thing between company data in the cloud and an attacker is a password. Passwords alone are vulnerable, costly and complex.

For some time, the answer to these traditional authentication weaknesses appeared to be biometrics. But biometrics for online security has rarely been seen outside Hollywood movies. Consumers have been put off by high error rates and privacy concerns, while organisations find server-side biometric templates too risky to hold, as they are prized targets for cybercriminals.

However, the tipping point for biometric security is approaching and the technology is maturing. Over the next two years, biometric security is predicted to meet end-user and organisational demands for both convenience and security. Due to developments in the biometric security landscape, such as the rise of the smartphone, we can now combine multiple authentication factors in the security software space that are easy to use but do not require the use of passwords.

Eliminating passwords improves the security and convenience of two-factor authentication and allows organisations to confidently embrace cloud and mobile with secure access from any device.

To hear more from Symantec, register to attend Data#3’s JuiceIT 2016.
