The Hidden Cost of Complex Passwords
by Stephen Howes, CTO, GrIDsure Limited.
Many organisations strive to maintain the security of their IT networks by insisting that end-users create complex logon passwords that include a mix of upper and lower case characters, letters and numbers. Whilst these complex passwords are undeniably more effective and secure than simpler password structures, they do have cost implications.
Firstly, many users feel frustrated at having to remember yet another lengthy and complicated password and commit the cardinal sin of writing the password down on a piece of paper and hiding it under the computer keyboard, thus negating any of the security benefits. Secondly, numerous studies have indicated that complex passwords result in a greater number of IT support calls from end-users who require password resets. This, in turn, ties up IT staff and takes them away from other more important duties as well as having an obvious impact on employee productivity.
As an alternative to these complex password systems, some companies issue network users with hardware tokens that generate ‘one time’ pass-codes to be used in conjunction with usernames or shorter passwords. However, these tokens have a limited lifespan, are expensive to purchase, can be broken or lost, have an environmental cost (in terms of disposal and recycling) and normally require IT managers and system administrators to install additional server software.
One of the major advantages of the GrIDsure system of identity authentication is that it does away with the need for complex passwords and tokens. The GrIDsure system generates a one-time PIN or password based on a grid pattern that has been pre-defined by the user. With no need for additional software or hardware, GrIDsure is easily adopted by business users and consumers alike and is resistant to the most popular forms of attack, including shoulder-surfing, phishing, screen-scraping and man-in-the-middle attacks. In a recent study, Professor Angela Sasse, Professor of Human-Centred Technology at University College London, concluded:
“Having looked at many mechanisms which have been proposed in recent years to overcome users' problems with PINs and passwords, this is the first one that has the potential to offer good usability and increased security at the same time.”
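The grid-pattern idea described above can be sketched as a challenge-response check. This is an added example, not GrIDsure's own code: the 5x5 grid of digits, the pattern format and the names GridVerifier, new_challenge and read_code are all assumptions made for illustration.

```python
import hmac
import secrets

GRID_SIZE = 5  # assumed dimension; the article does not state one


def new_challenge(size=GRID_SIZE):
    """Build a fresh grid of random digits for one logon attempt."""
    return [[secrets.randbelow(10) for _ in range(size)] for _ in range(size)]


def read_code(grid, pattern):
    """What the user types: the digits found at their secret cells, in order."""
    return "".join(str(grid[row][col]) for row, col in pattern)


class GridVerifier:
    """Hypothetical server side: the secret is the pattern, never the digits."""

    def __init__(self):
        self._patterns = {}  # user -> tuple of (row, col) chosen at enrolment
        self._pending = {}   # user -> the one grid currently outstanding

    def enrol(self, user, pattern):
        # A real deployment would protect the stored pattern; kept plain here.
        self._patterns[user] = tuple(pattern)

    def challenge(self, user):
        grid = new_challenge()
        self._pending[user] = grid  # replaces any earlier unanswered grid
        return grid

    def verify(self, user, submitted):
        # pop() makes every grid single-use, so a captured code cannot be replayed
        grid = self._pending.pop(user, None)
        pattern = self._patterns.get(user)
        if grid is None or pattern is None:
            return False
        expected = read_code(grid, pattern)
        # constant-time comparison avoids leaking how many digits matched
        return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    server = GridVerifier()
    secret_pattern = [(0, 0), (1, 1), (2, 2), (3, 3)]  # constructed sample
    server.enrol("alice", secret_pattern)
    grid = server.challenge("alice")
    code = read_code(grid, secret_pattern)
    print(code, server.verify("alice", code), server.verify("alice", code))
```

Because the digits change with every grid, the typed code is different on each logon while the remembered pattern stays the same.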
Published November 2009


