Quest webinar reveals corporate password strategies

10 March 2010

The tricky task of password management strategies has been reviewed and discussed in a successful webinar with analyst Nigel Stanley and password specialist Stuart Harrison of Quest Software.

In the webinar – a recording of which can be reviewed here – Stanley explained how a simple alphabetic approach to company passwords is no longer valid, with a six-digit alpha code being crackable in around five minutes.

Coupled with the fact that many corporate staff have five or six passwords they use on a regular basis, the Bloor Research practice leader said that administering passwords in companies of all sizes is rapidly becoming a headache for IT staff, not least because of the requirement to change them on a regular basis.

Stanley advises that passphrases – a term he says better describes the credentials required to access computer-based systems than the 'password' term – should be changed every 30 days.

But this, of course, means that users must be prompted to change their passphrases and, if they fail to change them, action needs to be taken by management.

Stuart Harrison agreed on this point, outlining some of the strategies and solutions available from Quest to manage passwords, noting that there can also be headaches when it comes to helping staff recover their passwords – a process that always seems to happen on a Monday morning, and when staff return from holidays.

And in a lively Q&A session, the panel – moderated by Infosecurity's technical editor Steve Gold – answered the many questions that attendees posed, such as what security issues arise where companies use digital password storage technologies, and why biometric technology has not yet hit the mainstream.

According to Gold, the webinar offered attendees a thorough grounding in some of the many IT security issues that password management creates in any modern organisation, as well as revealing some of the strategies that organisations can employ to mitigate the risks that arise from this often overlooked aspect of security.

"Many people think that password management is an area that staff can administer themselves. This is far from the truth. As our webinar showed, there are a lot of issues that IT staff and their management are struggling to deal with, but the good news is that this event gave attendees a number of solutions to those issues", he said.

A recording of this interesting and informative event is now online...


Comments

security first says:

19 April 2010
This company has it figured out by using your live biometric fingerprint as your username and password. Can't be fooled by making an impression of your fingerprint. Check it out at www.verifytouch.com
