Font Size

Security of Passwords ISO27001

 By

Chris Eden - Quality Matters Limited

Computer/Internet/Software Articles
Submit Articles   Back to Articles

Each year, just before the INFOSEC (Information Security Exhibition) a test is carried out to asses the level of security placed upon workplace passwords.

This year your password could be exchanged for a chocolate bar. It is still shocking that some 64% of people challenged outside Liverpool Street railway station in Central London, were prepared to give their passwords away for a paltry chocolate bar. The findings were further segmented when the split of sexes was added into the equation; more of those giving away their passwords were women.

Where the questions were extended to ask for telephone numbers, place of work and dates of birth in exchange for the chance to win a holiday then results were down but still more women than men gave their details but only just.

The only crumb of consolation is that the total numbers prepared to compromise their personal or work security is down on last year by about 20%.

Government and big business continues to exhibit a less than satisfactory level of care with our security; indeed another case where there had been a problem with email attachments resulted in a disc being sent by normal post. The disc contained important information but was only protected by a basic password, which the company admitted, could be broken in a matter of minutes. The disc did not arrive.

It is not known how many of the security details given away at Liverpool Street Station were genuine and how many were simply wrong, but working on the 70:30 principle a good number were genuine. It is fortunate that details obtained were not used for any unauthorised use.... but they could have been.

Vigilance is required to ensure security of all our systems


About the Author

Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited an established independent management consultancy based in Essex, UK which specialises in ISO27001 Information Security Management consultancy.



Follow us @Scopulus_News

Article Published/Sorted/Amended on Scopulus 2008-07-11 13:35:14 in Computer Articles

All Articles

Copyright © 2004-2019 Scopulus Limited. All rights reserved.