Forgotten password? You're not alone

Many of us will have come back from the extended holiday period ready to start the New Year with a bang, only to realise that we’ve forgotten our computer password and can’t do anything until the IT department resets it.

It’s not just the fact that you’ve been out of the office for 10 days.  By insisting on “strong” passwords, IT departments are increasingly lumbering us with passwords that need to be up to eight characters in length, must contain at least one capital letter and number, have to be changed every few months – and can’t be re-used.

People try to get around this by writing their passwords down or creating new passwords that follow a pattern – for example, January2012 or February2012 – making them all too easy to guess. All of which, of course, undermines the “strong” password concept.

Security procedures should of course be robust and reliable, but it is just as important for them to be workable and designed to suit users, not the IT department. Voice-based (biometric) authentication is a good alternative to passwords, and can play an important part in a multi-layer authentication process. The human voice can’t be easily mimicked, nor can it be guessed, written down or forgotten like a password.

One of my forecasts for 2012 is that voice biometrics will begin to be much more used in other security procedures, for example when verifying a money transfer with your bank or an online purchase. It strikes just the right balance between being sufficiently robust and practical, whether in an office or banking environment.

Comments: (2)

John Dring - Intel Network Services - Swindon, 05 January, 2012, 12:21

Thanks for the January, February tip - nice one!

Seriously, it's a problem. I maintain a secured password hint file, on the cloud, that I can access when needed. Secure vault password storage apps for phones are another good option.

A ubiquitous, single sign-on solution is just nirvana and will never happen across the disparate services, whether you add voice or any other biometric. I am happy with (strong) passwords and like it when combined with checks on the accessing device - so I am told if an account is accessed from a new device. That's 2 factor security (or 3 if the strong password is already 2 factor!).

A Finextra member, 10 January, 2012, 11:33

Great post, especially the bit about current policies trying to enforce complexity results in making passwords less secure.

If only I could get our corporate IT/security department to read this post.

Not sure I'm convinced by biometrics, but anything has got to be better than the current !January2012 mess.

Pat Carroll
Founder/Executive Chairman

ValidSoft
This post is from a series of posts in the group:

Information Security