View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Is it time to send passwords on holiday?

By John Oates

It is peak holiday time in the UK and Europe. But for enterprise security teams this brings a bigger headache than one caused by too much sun and sangria.

About one in four people will return from holiday so relaxed and clear headed that they’ve forgotten their passwords.

Dealing with just one password reset is not much of a problem but larger companies can find help desks facing a serious overload created by hundreds of people needing help with new passwords.

It also creates the risk that people in a hurry to get back to work will choose simple passwords so they can get on with their jobs.

IT security teams have been trying to get people to choose more secure passwords for as long as anyone can remember.

But too many of the techniques used – forcing people to regularly change passwords, include numbers and random characters and requiring several passwords for different parts of the network – can actually have the opposite effect.

By making passwords such a pain security teams are actually encouraging people to cheat – to use the same passwords for multiple systems or even to write passwords down so they can remember them.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Even the best passwords are only part of the security puzzle.

Serious applications require some sort of two factor authentication which is far easier for the user to manage than reliance on just passwords.

By using ‘something you have and something you know’, whether it is a token system or biometrics, systems are far more secure and life is much easier for the user.

Intelligent security systems should not put the onus on the user. Instead security teams should strive to create systems which provide genuine security not just meaningless processes.

By getting people on-side and creating systems which put the user at the centre the security stance of the whole organisation can be improved.

Unfortunately passwords are not going to disappear any time soon. However annoying they are they can still be a useful step in any security process.

But no organisation should rely on them entirely, or force their users to jump through hoops just to do their jobs.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.