IT Security

Password view

by Mark Rowe

The Microsoft approach to passwords, which involves the creation of a list of passwords that users are forbidden to use with online accounts, is still not fit for purpose. This is according to Dave Worrall, CTO of Secure CloudLink, a secure identity management service. He argues that the inherent weaknesses presented by passwords are still being ignored.

Worrall says: “The current approaches to passwords, including Microsoft’s new approach, still present vulnerabilities. The fact remains that even if a user creates a strong password, this alone will not be sufficient to protect it, due to the way they are stored and shared. Users can pick a series of complex passwords for different applications, which make them strong with regards to them being guessed. The risk is that if a site is hacked and the website or server doesn’t store passwords in an encrypted format, then corporate data as well as personal details run the risk of being compromised. Even if passwords are encrypted, they can be stolen and the encryption cracked.

“What’s more, although it’s a positive sign that Microsoft is trying to bolster its security efforts, complex passwords are often inconvenient for users, which is why they are avoided in the first instance or why users forget them. As if this is not challenge enough, computing power has increased so much that a simple graphics card can crack a strong password.

“Some of the solutions now being developed include single sign on and password managers. As well as this, many companies have tried to reduce the vulnerabilities by hashing passwords, or introducing biometric access options, to improve the user experience by adding a new level of security user credentials, but not removing the use and transmission of user credentials and passwords behind the scenes.

“Security vendors and IT departments are still continuing to ignore the real problems faced by humans – the people who use these systems in the first place. Designs that were once suitable have not been updated to accommodate the increasing digital economy. The long line of hacks and data breaches which we continue to see played in the public domain now requires immediate action – the password security system is simply a vulnerable protocol and the quicker we look for solutions to address this the better chance we have of safeguarding our personal information and data.” Visit http://www.securecloudlink.com.

© 2024 Professional Security Magazine. All rights reserved.
