No other way in as users get better at security...
By Andy McCue
Published: 22 October 2003 16:20 BST
Hackers are increasingly resorting to social engineering techniques to obtain confidential passwords as businesses become better at locking down and patching their computer networks.
And the bad news is that users are still very much the weak link when it comes to choosing and protecting their passwords, according to the results of a survey of IT security experts.
It found that 15 per cent of those asked in an online questionnaire to give their network passwords in order to be entered into a prize draw happily clicked through to the page ready to divulge the information.
Paul Vlissidis, head of risk services at technology consultancy NCC Group, which carried out the survey, told silicon.com that the problem of staff – and especially those in IT who should know better – being lazy with passwords is leaving companies at risk.
"The issue is that it is laziness and ignorance causing network security problems. Passwords are of greater importance now that remote access has increased from laptops and PCs with broadband at home," he said.
He said that social engineering techniques used by hackers to glean passwords that will give them access to corporate networks are on the increase as IT departments get better at protecting their systems.
"It is increasing as people wake up to other kinds of network vulnerabilities such as patching systems and as they narrow down areas of attack hackers are going to run out of places to exploit and so will go for passwords."
Common bad practice includes shared passwords for departments and obvious popular passwords such as football clubs – and Vlissidis said those in the boardroom are often the main culprits.
The main advice for users is to avoid using dictionary words for passwords that can be cracked by programs and to use a mixture of numbers and letters. One method is to choose a favourite song or poem and take the first letter from each line of the first verse along with a couple of numbers. When it comes round to change the password, just move on to the next verse.
"As long as you know what that song is you will never forget the password," said Vlissidis.
Surely the 15% are the clever ones (assuming they ...
Pete Jones
I once audited a company and found that 54% of the...
Anonymous
Using a favourite song...brilliant. Now in order ...
Anonymous
It is evident in my experiences that 95% of people...
Nohj Edo
It only takes 1 person to comprise a network. It'...
Apiaryist
You will need to understand how to install and configure a server; principles of security and post-install lock-down of servers; user accounts and ...
You will be responsible for the operations/administration of the company's internal network which shall be growing to a user base of 20 over the ...
Ensure that WICS input clerks and document controller are inputting their documents correctly (Correct folder, file names, document numbers, titles, ...
Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Naked CIO Naked CIO: Should you monitor staff? Somebody's watching you
Elinor Mills Why 1970s hackers had 'whiz kid' status Q&A: Kevin Mitnick - blackhat hacker turned good guy