ComputerWeekly.com

A pen tester’s perspective on creating a secure password

Mike McLaughlin, Contributor Published: 13 Oct 2012

In my day-to-day work as a penetration tester, I find it often isn’t the latest vulnerability or exploit that compromises most organisations: it’s weak passwords. Passwords are everywhere: internal logins, remote access products, laptops and smartphones all require users to have passwords for authentication. As pen testers, we simulate many situations for our clients, including stolen laptops, remote access and internal “disgruntled employee” situations. Whether it is through simple password guessing techniques or cracking password hashes, we tend to find at least one account with a simple password such as “password”, “Password123”, the organisation's name, or the standard password that admins set when a user has forgotten his or her password.

When creating a secure password, there's a myth that it must be at least eight characters in length, be alphanumeric and contain special characters in order to be secure. This causes users to create passwords that are not only difficult to remember, but also easy for attackers to crack. This is due to the fact that ...
