Passwords: Think Them Through And Think Twice!

Information Technology brings with it Information Security – to protect the data held on the variety of servers, storage devices and computers that make up the modern office/hospital/bank or any other type of business you can think of.

By Robert Hall, Support Analyst, Marval Software

Computer systems are everywhere. In our homes, public places as well as work. Access to computer systems is easier than ever before with the advent of portable devices and Wi-Fi technologies. The makes and models in use can change over time, a short period of time – Blackberry handsets for example have been in and out of favour, replaced by smartphones with large (relatively) flat touch screens. Laptops and tablets are very popular due to their size and portability, and company IT admins are having to cope with the Bring Your Own Device (BYOD) demands of their employees, because it’s what we expect. We use a tablet and smartphone at home, we use them on the commute to work, we use them at work – they are always on.

Imagine however if you could pick up any of those devices and see the available content completely unchallenged by a prompt for a passcode or password. Fine if you’re at home and can trust the people that are likely to want that access, but on the train, in a coffee shop, at work or at another workplace? We need some kind of protection or intervention that protects that access. We need a password.

Data, corporate data or personal data is valuable not just to ourselves or our employers, but to those who would exploit their access to it because it contains sensitive information that we would probably not want others to know. There have been over 35,000 security exploits in the 6 years from 2009 to 2015 (source: offensive-security.com).

Using a password does not completely remove the vulnerability of a computer system to a security exploit, but it can at least make it harder for such an attack to gain access to it.

Marval MSM now supports https, so that even our login page is more secure than it was before with just http. We also use a password hashing algorithm. The iteration count affects the length of compute time it takes to generate a hash. The larger the number is, the longer it would take for an attacker to brute-force a password. We can also set the following options:

·         Allow User To Reset Password

·         Minimum Password Length

·         Expiry Period (days) History Count

·         Enforce Alpha/Numeric Mix

·         Enforce Unique Characters

·         Enforce Mixed Case

·         Cannot Be User Name

·         Change Blank At Log In

So, create a difficult password, try to avoid the much publicised “password”, “qwerty”, “123456” and think of it as your duty to protect your customers’ information.