Network Computing Dark Reading

Advertise

Risk

12/9/2015
01:50 PM

Ericka Chickowski
Slideshows

Connect Directly

6 comments
Comment Now

50%

The Employee Password Habits That Could Hurt Enterprises

While education and efforts around online credentials are improving, password hygiene still has problems

1 of 10

The lines drawn between personal digital space and work digital space are all but disintegrated as the traditional 40-hour work week in a confined office dissolves away in this gig economy. This makes life difficult when it comes to accessing and securing data. A survey out recently by Ping Identity shows how even though companies my have good credential policies in place, and employees are made aware of security, their password safety still lags. Here's a look at some of the relevant stats.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. View Full Bio

1 of 10

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

12 Things You May Not Know About Microsoft Azure

[UC Security] How Analytics Addresses the Threats You Don't Know About

More Webcasts

White Papers

In Today's Age of Digital Transformation, How Does Your Firewall Measure Up?

2019 Definitive Guide to Public Cloud Security

More White Papers

Reports

2019 Threat Hunting Report

Getting Started With Emerging Technologies

More Reports

Comments

Oldest First | Newest First | Threaded View

[close this box]

50%

Whoopty,
User Rank: Ninja
12/10/2015 | 7:34:49 AM

We're all guilty

I bet we're all guilty of something on this list, even those who are pretty good with password security. They're endlessly annoying though. You have to remember them, yet make them complicated and change them regularly. It's such a headache.

The amount of services we all use now too, there's no way to remember everything. But then do you change your password storage login often? If you forget that, the pain-in-the-neck of having to reset everything is ridiculous.

Reply | Post Message | Messages List | Start a Board

50%

BarbaraJohnson,
User Rank: Author
12/12/2015 | 7:22:21 PM

Nice compliation of bad habits and statistics

I especially like "*54% of employees share login information with family members so they can access their computers, smartphones and tablets" It's a good specific point to add into user awareness material.

Reply | Post Message | Messages List | Start a Board

100%

RyonKnight,
User Rank: Strategist
12/16/2015 | 3:29:56 AM

All on one page please

Article on one page please. I'd like to read it but I'm not clicking through 10 pages.

Reply | Post Message | Messages List | Start a Board

50%

Joe Stanganelli,
User Rank: Ninja
12/20/2015 | 4:49:50 PM

Re: We're all guilty

This is exactly why many security experts today advise what was once taboo advice -- that people write down their passwords, specifically to allow for greater complexity and entropy. Better you write down your password and keep it in a secure place (for instance, not on a sticky note on your computer monitor) and it be super hard to remember than have an easy to remember (and easy to guess/hack) password that you don't write down.

Reply | Post Message | Messages List | Start a Board

50%

Joe Stanganelli,
User Rank: Ninja
12/20/2015 | 4:51:34 PM

Re: Nice compliation of bad habits and statistics

Not to mention family members and friends who may become aware of their loved ones' passwords in other ways.

I once went on a date with someone who told me that because of her company's onerous password-changing requirements, she always just did a minor variation of the same (easy-to-guess) word.

Reply | Post Message | Messages List | Start a Board

50%

Joe Stanganelli,
User Rank: Ninja
12/20/2015 | 4:52:52 PM

Recipe for disaster

The password-changing policy is possibly the worst. It makes no account for employees who actually have strong passwords and also fails to take into account actual risk. That's how you get simple-to-guess/hack passwords.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

Navigating Security in the Cloud

Diya Jolly, Chief Product Officer, Okta, 12/4/2019

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

Get Insights: Cisco vs Microsoft & More at EC20 Orlando

More Informa Tech Live Events

White Papers

In Today's Age of Digital Transformation, How Does Your Firewall Measure Up?

The Future of Network Security is in the Cloud

[Infographic] Intelligent Phishing Defense

The Silent Threat: Third Party Cyber Risk

5 Steps to Keep Network Security Enforcement Points Secure and Up-To-Date

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: When I requested protection from spear phishing campaigns, I didn't quite expect this.

Cartoon Archive

Current Issue

Navigating the Deluge of Security Data

In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Rethinking Enterprise Data Defense

Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprise

0 comments

2019 Online Malware and Threats

0 comments

The State of IT Operations and Cybersecurity Operations

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-16772
PUBLISHED: 2019-12-07

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...

CVE-2019-9464
PUBLISHED: 2019-12-06

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...

CVE-2019-2220
PUBLISHED: 2019-12-06

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

CVE-2019-2221
PUBLISHED: 2019-12-06

In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...

CVE-2019-2222
PUBLISHED: 2019-12-06

n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]