A pen tester’s perspective on creating a secure password
This article is part of the December 2011 issue of Breaking the code: Are passwords destined for obscurity?
In my day-to-day work as a penetration tester, I find it is often not the latest vulnerability or exploit that compromises most organisations: it’s weak passwords. Passwords are everywhere: internal logins, remote access products, laptops and smartphones all require users to authenticate with a password. As pen testers, we simulate many situations for our clients, including stolen laptops, remote access and internal “disgruntled employee” scenarios. Whether through simple password-guessing techniques or by cracking password hashes, we tend to find at least one account with a trivial password such as “password”, “Password123”, the organisation's name, or the standard password that admins set when a user has forgotten his or her password. When it comes to creating a secure password, there's a myth that it must be at least eight characters long, alphanumeric and contain special characters in order to be secure. This causes users to create passwords that are not only difficult to remember, but also easy for attackers to crack. This is due to the fact that ...
What's Inside
Features
- Alternatives to passwords: Replacing the ubiquitous authenticator, by Ron Condon, UK Bureau Chief. As the relative security of passwords falters, are they destined for obscurity?
- A pen tester’s perspective on creating a secure password, by Mike McLaughlin, Contributor. A pen tester explains the importance of creating a secure password.
News
- Is it the end of the line for antivirus signatures? by Ron Condon, UK Bureau Chief. Traditional antimalware can't keep up with the threat landscape. Are antivirus signatures destined for the rubbish bin?
Columns
- Opinion: Firms can’t or won’t address social networking security risks, by Ron Condon, UK Bureau Chief. It's a common refrain: even companies that are aware of social networking security risks don't do anything about them.