Posts Tagged ‘password management’

Password Usage Behavior Survey Announced

Wednesday, June 3rd, 2009

ElcomSoft is launching a survey intended to collect more information on how people handle their passwords, which remain a major way for user authentication. Whether you are ElcomSoft customer or haven’t seriously thought about password security, we hope you will answer our questions.

The questionnaire is well designed and if you have no time you can simply tick the matching answers which are prepared for your convenience. If you have a special experience to share or lots of thoughts on passwords, please take a while and use empty spaces provided for your own answers.

The survey is set to run for several weeks in order to cover more people, for we understand that summer is the best season for vacations. After the survey is completed and results calculated, we will release a full report with facts and figures. We tried to put sensible questions in the belief that results’ analysis will help us find out which questions should be better and more deeply highlighted in our articles, whitepapers, as well as in our blog.

This is the first our empirical research and we hope you will find it interesting and enjoyable. You definitely have your own opinion on passwords, and as you understand this survey is a perfect way for you to share that opinion. So what do you think? Be frank and open, take the questionnaire, and help us let others know about it.

 

NIST drafts new enterprise password management (open to publication, distribution and adaptation!)

Wednesday, May 13th, 2009

Probably you’ve already heard about this vicious circle thousand times:

Requiring that passwords be long and complex makes it less likely that attackers will guess or crack them, but it also makes the passwords harder for users to remember, and thus more likely to be stored insecurely. This increases the likelihood that users will store their passwords insecurely and expose them to attackers.

So, how to work out an appropriate password policy? Need help? Find some tips in NIST (The National Institute of Standards and Technology) study, GUIDE TO ENTERPRISE PASSWORD MANAGEMENT (DRAFT), which “has been prepared for use by Federal agencies”, but also “may be used by nongovernmental organizations on a voluntary basis”.

Here are some nuggets from the paper: 

• Organizations should review their password policies periodically, particularly as major technology changes occur (e.g., new operating system) that may affect password management.

Users should be made aware of threats against their knowledge and behavior, such as phishing attacks, keystroke loggers, and shoulder surfing, and how they should respond when they suspect an attack may be occurring.

• Organizations should consider having different policies for password expiration for different types of systems, operating systems, and applications, to reflect their varying security needs and usability requirements.

Do you have something to add? So, review and revise it freely – the paper is not subject to copyright. ;)