Access your Pro+ Content below.
A pen tester’s perspective on creating a secure password
This article is part of the IT in Europe issue of December 2011
In my day-to-day work as a penetration tester, I find it often isn’t the latest vulnerability or exploit that compromises most organisations: It’s weak passwords. Passwords are everywhere: Internal logins, remote access products, laptops and smartphones all require users to have passwords for authentication. As pen testers, we simulate many situations for our clients, including stolen laptops, remote access and internal “disgruntled employee” situations. Whether it is through simple password guessing techniques or cracking password hashes, we tend to find at least one account with a simple password such as “password”, “Password123”, the organisation's name, or the standard password that admins set when a user has forgotten his or her password. When creating a secure password, there's a myth that they must be at least eight characters in length, be alphanumeric and contain special characters in order to be secure. This causes users to create passwords that are not only difficult to remember, but also easy for attackers to crack. ...
Access this PRO+ Content for Free!
Features in this issue
As the relative security of passwords falters, are they destined for obscurity?
A pen tester explains the importance of creating a secure password
News in this issue
Traditional antimalware can't keep up with the threat landscape. Are antivirus signatures destined for the rubbish bin?
Columns in this issue
It's a common refrain: Even companies that are aware of social networking security risks don't do anything about them.