30 Dec 2014

Password awareness

We desperately need to get better at authenticating people if we are ever going to beat the scourge of identity theft and reverse the dreadful downward spiral that is already accruing costs in the tens of billions of dollars annually.

As a profession, we have a pretty good idea about what needs to be done, with multi-factor authentication and biometrics being high on the list ... and yet by far the majority of IT systems still depend entirely on passwords. In other words, for the foreseeable future we're stuck with 'em, and hence with the security issues that arise.

"Usernames and passwords are basically broken from a security and a usability standpoint"

Passwords are a particularly important topic for security awareness programs since so much revolves around the way we choose and protect our passwords. Furthermore, it's essential that managers and professional specialists appreciate just how broken passwords are as a security mechanism, if we are ever going to climb our way out of the pit of despair. Lack of awareness at their levels condemns us to an ever-worsening litany of privacy, security and compliance breaches.

Once again, we've come up with a fascinating variety of perspectives to explore on what would otherwise be a fairly humdrum information security topic. Security awareness is a vital control in relation to passwords since uneducated people are far less likely to realize the importance of choosing strong passwords and keeping them secret. Through NoticeBored, we are encouraging employees to find more creative passwords, or rather pass-phrases that are both longer and more complex than the norm. For managers and professionals, January's NoticeBored awareness module goes into more depth on the strategic and technical aspects, respectively. It discusses multi-factor authentication using security tokens or biometrics, for instance, and outlines the state of the art in password cracking.

As we plummet headlong into another new year, think of us if you find yourself idly dreaming about a security awareness program that never quite seems to materialize. Equally, we'd love to support you if your awareness program is up and running. We know how hard it is to keep coming up with fresh ideas and creative content. Let me know if "Do security awareness" features on your long list of new year's resolutions ...

Have a happy new year!

