Welcome!

Cloud Security Authors: Elizabeth White, Liz McMillan, Pat Romanski, Zakia Bouachraoui, Yeshim Deniz

Related Topics: Cloud Security, Microservices Expo

Cloud Security: Blog Post

Wild Ways People Remember Their Passwords [#Security]

And why breaches are likely because of them

By Dean Wiech

Everyone has done it, used some kind of wild way to remember user names and passwords. Let’s face it, the rules for managing passwords is overwhelming. People are required to remember numerous sets of credentials for all of the systems and applications they need to access their job and personal life, but it’s often too difficult to remember them all.

In addition, passwords often are required to be complex with several different symbols and characters, and they often need to be changed every month or so. Given all of the rules and parameters, how is anyone supposed to keep track, and remember, all of this information on top of all the work they need to complete, PIN codes they need to recall and every other detail that takes up much needed bandwidth?

How do most people remember their passwords? Chances are they keep all of their pass codes in some type of non-secure method to remember them. Given my line of work with clients facing complex password issues, I’ve witnessed many wild ways in which end users use to remember passwords. Frighteningly so, some people even believe that their methods for password “storage” are safe and don’t realize that they are actually putting their organizations at risk.

Though organizational leaders may think that requiring employees to use complex passwords that get changed often is making their network secure, reality is this is often counterintuitive and leads employees to user unsecure methods.

Here are just some of wildest ways I’ve seen people store their passwords:

  1. Since employees feel they have to constantly login, many folks keep their credentials in front of them, written on Post-It notes, pasted to their computer screen in plain sight of passersby. That just makes it a lot easier for hackers to gain access to critical information.
  2. Some people think that if they hide their passwords, this will keep their information more secure. Many employees, however, actually keep their password sheets in their desk drawer or under their keyboards, falsely assuming no one will just open the drawer or move the keyboard and take a peek.
  3. Recently, one of our employees visited the doctor’s office and saw that the receptionist actually had her passwords listed on a recipe card atop the desk next to her monitor in clear view of everyone coming and going. Next to that card were instructions – step by step — for accessing all of her accounts.
  4. Some people even use an invention that they believe is helping them keep their passwords safe: A type of notebook that looks like a phone book allowing them to write down their passwords and organize them. Sure, this is good for organization, but what happens when someone finds the notebook and has access to all of the credentials?

Chances are, many employees in virtually every organization use these methods, but these strategies can cause security risks for any organization. Luckily, though, there are easy ways to stop employees from using such unsecure methods.

One way is with a simple single sign-on solution. An SSO allows employees to create a single set of credentials for all of their systems and applications, eliminating the need to write down passwords or use other unsecure methods for storing their information. Employees simply log in with their credentials and thereafter are authenticated in each of their applications automatically after they are launched.

So, while it may be funny to read how employees remember their passwords, it won’t be funny when your organization faces a security breach because of it.

Dean Wiech is managing director of Tools4ever, a global provider of identity and access management solutions.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

IoT & Smart Cities Stories
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
CloudEXPO has been the M&A capital for Cloud companies for more than a decade with memorable acquisition news stories which came out of CloudEXPO expo floor. DevOpsSUMMIT New York faculty member Greg Bledsoe shared his views on IBM's Red Hat acquisition live from NASDAQ floor. Acquisition news was announced during CloudEXPO New York which took place November 12-13, 2019 in New York City.
OpsRamp is an enterprise IT operation platform provided by US-based OpsRamp, Inc. It provides SaaS services through support for increasingly complex cloud and hybrid computing environments from system operation to service management. The OpsRamp platform is a SaaS-based, multi-tenant solution that enables enterprise IT organizations and cloud service providers like JBS the flexibility and control they need to manage and monitor today's hybrid, multi-cloud infrastructure, applications, and wor...
The Master of Science in Artificial Intelligence (MSAI) provides a comprehensive framework of theory and practice in the emerging field of AI. The program delivers the foundational knowledge needed to explore both key contextual areas and complex technical applications of AI systems. Curriculum incorporates elements of data science, robotics, and machine learning-enabling you to pursue a holistic and interdisciplinary course of study while preparing for a position in AI research, operations, ...
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
Tapping into blockchain revolution early enough translates into a substantial business competitiveness advantage. Codete comprehensively develops custom, blockchain-based business solutions, founded on the most advanced cryptographic innovations, and striking a balance point between complexity of the technologies used in quickly-changing stack building, business impact, and cost-effectiveness. Codete researches and provides business consultancy in the field of single most thrilling innovative te...
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
Intel is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world's second largest and second highest valued semiconductor chip maker based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactu...