Oct 14, 2013
Posted by Robert Creech in: May Contain Nuts
Ah, the password…invaluable security tool, necessary evil, or simply the reason to have to call IT support before even starting the working day?
The concept of a tool to help identify the individual is not new – we have placed our mark or signed documents for many a century – but the prevalence of passwords for so many different things can now make them seem a hindrance rather than a help.
So why do you need a password in the work environment? After all, you trust your colleagues and your network is secure. Let us start with the basic need for a password on the office PC. I am no longer surprised when I receive a call along the following lines;
Caller – “I’m going away for a week and don’t want anyone accessing my files or emails.”
Me – “That’s not a problem, leave your computer logged off.”
Caller – “Not enough, everyone knows my password.”
In this short dialogue we have covered the fundamental need for the password – never mind the outside world getting in, if your colleagues shouldn’t be accessing your details then the password is the key – literally.
At workplaces where it is accepted that passwords are regularly shared or, worse still, a single standard is used across the network, well meaning users can often be the cause of further admin headaches. Astute users seeking additional ‘security’ may take matters into their own hands, password protecting sensitive documents – which is all well and good as long as the password is not forgotten or the user doesn’t move on without first disclosing the details. Arguably worse still is the user who saves all the important documents onto the local machine ‘in the interests of security’ which, to the ears’ of the IT administrator, comes out as “All my important documents are kept well away from the company’s data backup.” However well intentioned, both scenarios can lead to important information becoming lost.
In an age where remote access to files and emails is prevalent standard or widely known passwords could give a disgruntled ex-employee or even an existing, over-curious one complete access to files and folders that should remain confidential and locked down. Different offices will have differing requirements governed by size, data sensitivity and compliance issues but all organisations should embrace and make use of this most basic security tool, setting an individual and secure password for each user.
In a further article “Password 101 – Part 2” we look at the principles behind good network password generation.
Passwords 101 – part 1
Part of the “May contain nuts” series of short articles discussing familiar topics which we should all revisit once in a while.