Strong passwords are better than weak ones: while most will agree with this statement, some disagree. Users dislike strong passwords because they are cumbersome and easily forgotten. Many users (and managers) feel they are unnecessary because the perceived risk is very low. Managing lost and forgotten passwords is a burden on the help desk and results in lost productivity.
The IT community has long debated the true value of strong passwords. In a recent TechRepublic article, Selena Fry cites the two current opposing sides of this argument, one in favor of and one against the use of strong passwords. Those in favor argue that a strong password improves security: strong passwords are difficult to guess and, even against hacking tools, still offer the best defense against most hacking attempts. Those against argue that users will find ways to abuse what should be a secure process and use a simple but compliant version of a strong password. What would have been a good security measure then becomes nearly as easy to compromise as a simple, weak password. Some have even declared the password dead, citing hacking methods in use today that can crack even complex passwords. Furthermore, social networking, where personal information is readily available to the hacker, often gives away clues unintentionally. In a recent CBC audio program, “The Current”, Dr. Markus Jakobsson discusses this with guest host Jim Brown and introduces new technologies to replace traditional password methods. These and other technologies offer hope but still have a way to go before we see them in daily use.
Each argument has merit; however, based on readily available technology, using strong passwords correctly does improve security. When implemented properly, with tools to help manage user identities and with users educated on their role in sustaining security, strong passwords make for a more secure environment. Netwrix recognizes the need organizations have to protect their users’ identities simply and easily, and offers a suite of products to help manage day-to-day operational duties that surpasses native, built-in tools and extends capabilities to both administrators and end users. The Netwrix freeware kit contains a free tool to remind users of expiring passwords, an account lockout examiner to investigate account lockout issues, and an inactive user detection tool.