Password Policy


There is a clear positive trend across companies toward protecting valuable data. According to the last annual global password survey, approximately 70% (1) of all examined organizations are improving their IT security policy by raising the number of password changes per year, making passwords more complex with various numbers and symbols, and paying special attention to their length.

You may ask why we should rely on passwords, which are imperfect and need constant verification. Is there any other option to secure and control access to your valuable data? There certainly must be some other means of authentication. You are right. I'm sure you've seen those sci-fi movies in which a sexy spy has to present his fingerprints, voice pattern, or even DNA sequence to enter some devilish and secret building. These biometric methods look very impressive, but not every company can afford such luxurious security systems. However, they are quite safe and thus widely used in the criminal and national security spheres. Instead, you may use various security tokens, but unlike biometric parameters, which are always with you, these special devices are something you will have to keep an eye on. They are pocket-sized, cutting-edge, and very stylish, yet they can easily disappear from your keychain. All things considered, passwords seem to be the least burdensome option, but can you fully rely on your memory?

Naturally, people cannot memorize, say, a 15-character password at once. It becomes more problematic if you have to remember several such passwords and change them regularly. What would you do? Probably jot them all down and hide them under your keyboard, as 50% (1) of all respondents do? Bad choice! Imagine you are a network administrator: you would acquire such an impressive collection that the Royal Library of Alexandria would envy you. Maybe store your passwords on your PDA, as 11% (2) of respondents do? Not really safe! Fair enough, those portable devices are hard to crack, but the bad guys will most likely take advantage of the Internet connection your sophisticated devices are equipped with and sniff out your precious passwords, say, through email. So is there any safe way to store our passwords? Ironically, this need for stronger security actually jeopardizes the information you are desperately trying to protect from others.

In addition, there are always human-factor mistakes that can never be predicted. Funnily enough, practically 75% (2) of all respondents use one password for different login applications. Guys, you are dancing on a volcano! There is no universal password that could be safe for all your documents. You can make up the longest password you are able to remember, but because some programs do not require passwords to be so complicated, you risk losing all your other documents. Interestingly, more than 80% (2) of respondents simply forget their passwords. That is human nature! Believe it or not, network administrators benefit nicely from it.

Poor password policy management creates great demand for IT help desk services and, consequently, drives up their cost, which ends up as heavy expenses for end users. It is estimated that IT help desk administrators charge $25-$50 for one call. Let's say you forget just one single password every week; then you would give away $2600 in a year. The same sum of money is charged for one password reset (1). Since IT security experts recommend changing passwords every 3 months, that would cause some extra expenses.

(1) SafeNet, Second Annual Global Survey (2004)

(2) Protocom Development Systems, Global Password Usage Survey (2003)


Source by Olga Koksharova