ComputerWeekly.com

A pen tester’s perspective on creating a secure password

Mike McLaughlin, Contributor
Published: 13 Oct 2012

In my day-to-day work as a penetration tester, I find it often isn’t the latest vulnerability or exploit that compromises most organisations: it’s weak passwords. Passwords are everywhere: internal logins, remote access products, laptops and smartphones all require users to have passwords for authentication. As pen testers, we simulate many situations for our clients, including stolen laptops, remote access and internal “disgruntled employee” situations. Whether it is through simple password guessing techniques or cracking password hashes, we tend to find at least one account with a simple password such as “password”, “Password123”, the organisation's name, or the standard password that admins set when a user has forgotten his or her password.

When creating a secure password, there's a myth that it must be at least eight characters in length, be alphanumeric and contain special characters in order to be secure. This causes users to create passwords that are not only difficult to remember, but also easy for attackers to crack. This is due to the fact that ...
