Passwords are not enough, experts claim

A study published today by security consultancy Barron McCann found 92 per cent of IT managers interviewed said passwords provide the best protection against internal data thieves. Passwords were favoured over other security measures, such as encryption, smartcards or biometrics.

Peter Alderson, network sales and marketing manager at Barron McCann, believes security policies are often down to an IT manager's own attitude. He said: "One of the reasons passwords are still used as the main defence is because security is not considered a serious issue, it comes second to everything else."

The findings were met with concern from security experts. Dr Neil Barrett, technical director at consultancy IRM who has worked closely with the Customs & Excise, Inland Revenue and the police, said passwords are the weakest link in corporate systems security.

"Passwords can be easily guessed by the internal hacker. As they normally are between four and eight digits long, they can also be easily cracked by using a simple software programme which is available on the internet," he said.

Kent Browne, former hacker and now a security manager at IT services company Almdahl, said the shorter passwords become, the more they present an invitation to hack.

"To have four digit passwords protecting your business information is a joke. Any half decent cracker will crack it in a matter of minutes," he said.

Graham Welch, UK VP of security specialist RSA, said: "Everyone knows internal thieves are the largest risk to any company. IT directors should take responsibility over security and implement strong protection against crooks."

The study surveyed 200 companies across all industries in the UK.