
Building a better password

Is your password really as secure as you think it is? Davey Winder investigates.

In the end, the key to implementing a successful secure password management strategy is actually having a strategy in the first place, insists Kevin Bocek, director at IronKey. "While it may seem simple," Bocek tells us, "it's most important to have a password management strategy and policy of some sort that's actually implemented and enforced, even though it's not perfect."

At the smaller end of the enterprise scale, this has often still not been accomplished. But with the Information Commissioner's Office placing the spotlight on data breaches, many organisations of all sizes have started encrypting mobile data.

"Without being able to enforce and report on encryption use, including the type and quality of passwords used for unlocking encryption keys," Bocek warns, "escaping a fine that can reach 500,000 could prove difficult."

Which is where a Continuous Controls Monitoring (CCM) solution can be useful, suggests Richard Hunt.

"CCM provides users with real-time status assurances for all of their compliance control points," he explains. "A rule can be configured that triggers an automatic and regular review of password complexity to ensure that user passwords contain enough variation in terms of numbers and upper and lowercase letters." Any exceptions will be automatically flagged in the control output and then reviewed by the IT Admin for relevant action.

Secure or not secure?

So what makes a truly secure password? Jason Hart, an ex-ethical hacker and now vice president of security at CRYPTOCard, has a very straight response to the question: nothing makes a password truly secure!

"Passwords are the softest security target," Hart warns, "and until people and organisations start adopting strong authentication in the form of, for instance, two-factor authentication, this problem won't go away."

Sadly, of course, he is right. Which is why many enterprises are now combining something you have (such as a smartcard or USB stick with a one-time password function) with something you know (a PIN) to secure their networks instead.
