Security of Passwords ISO27001

Each year, just before INFOSEC (the Information Security Exhibition), a test
is carried out to assess the level of security placed upon workplace passwords.
This year your password could be exchanged for a chocolate bar. It is still
shocking that some 64% of people challenged outside Liverpool Street railway
station in Central London were prepared to give their passwords away for a
paltry chocolate bar. The findings were further segmented when the split of
sexes was added into the equation; more of those giving away their passwords
were women.
When the questions were extended to ask for telephone numbers, place of work
and dates of birth in exchange for the chance to win a holiday, the results were
down, but still more women than men gave their details, though only just.
The only crumb of consolation is that the total number prepared to
compromise their personal or work security is down on last year by about 20%.
Government and big business continue to exhibit a less than satisfactory
level of care with our security; indeed, in another case a problem with email
attachments resulted in a disc being sent by normal post. The disc contained
important information but was only protected by a basic password, which, the
company admitted, could be broken in a matter of minutes. The disc did
not arrive.
It is not known how many of the security details given away at Liverpool
Street Station were genuine and how many were simply wrong, but working on the
70:30 principle, a good number were genuine. It is fortunate that the details
obtained were not put to any unauthorised use... but they could have been.
Vigilance is required to ensure the security of all our systems.
About the Author
Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited, an
established independent management consultancy based in Essex, UK, which
specialises in ISO27001 Information Security Management consultancy.