May 27, 2003

". . .the wretched way the world is."

That's John Callas, CTO of PGP Corp, on the multiple-password issue. The whole article is a good read, quoting a poll by searchsecurity.com that found "77% of respondents had six or more passwords to remember for their jobs."

The password issue's a tricky one. The proliferation of password-based access to data, networks, and applications has left almost all users with the problem of password juggling. SSO and other attempts to reduce passwords have their own problems, single point of failure being one of the nastiest.

If I had a solution to the problem, I'd be a wealthy woman. In the meanwhile, companies will do well to train their users on how to select secure passwords and, something that's often overlooked, instruct users not to use these passwords for external access. While cracking a password for an internal corporate system may be fairly difficult, cracking a password for a Hotmail account, depending on the vulnerability du jour in the Hotmail system, often isn't. If an employee is re-using internal passwords for access to external information, there's a potential vulnerability.

So train users to guard their internal passwords carefully.
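The advice above has two halves, and only one of them can be enforced by systems the company controls. An internal password checker can reject weak choices and catch a user re-using one of their own earlier internal passwords, but it has no way of seeing what that user typed into a Hotmail signup form; that half remains a training matter. The following is an added example of mine, not code from the post, sketching such a checker: the common-password list is a tiny constructed sample (a real deployment would use a large breach-derived list), the minimum length and iteration count are assumed policy values, and the history is kept as salted PBKDF2 hashes so the checker never stores passwords in the clear.

```python
import hashlib
import hmac
import os

# Constructed sample of very common passwords; a real deployment would
# load a large breach-derived list instead of this handful.
COMMON_PASSWORDS = {
    "password", "password1", "password123", "123456", "qwerty", "letmein", "welcome",
}

MIN_LENGTH = 12            # assumed policy value
PBKDF2_ITERATIONS = 100_000  # assumed work factor


def _derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, so the history holds no recoverable password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class PasswordHistory:
    """Per-user record of previously used passwords, kept only as (salt, hash) pairs."""

    def __init__(self) -> None:
        self._entries: list[tuple[bytes, bytes]] = []

    def remember(self, password: str) -> None:
        salt = os.urandom(16)
        self._entries.append((salt, _derive(password, salt)))

    def seen_before(self, password: str) -> bool:
        # Every entry has its own salt, so the candidate is re-derived per entry
        # and compared in constant time.
        return any(
            hmac.compare_digest(_derive(password, salt), digest)
            for salt, digest in self._entries
        )


def check_password(username: str, password: str, history: PasswordHistory) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable.

    Note what is *not* checked: reuse of this password on external services,
    which the internal system cannot observe.
    """
    problems: list[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if history.seen_before(password):
        problems.append("reused from this user's own history")
    return problems


if __name__ == "__main__":
    # Constructed walk-through: the user is named "diana" for illustration only.
    hist = PasswordHistory()
    hist.remember("correct horse battery staple")
    for candidate in ("password1", "Diana2003-longer-phrase",
                      "correct horse battery staple", "lilac garden under the moon"):
        print(repr(candidate), "->", check_password("diana", candidate, hist) or "OK")
```

The reuse check only covers history the organisation has itself recorded; that gap is exactly why the post's second recommendation has to be delivered as training rather than as a control.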

Posted by Diana at May 27, 2003 03:26 PM