Password management has posed a massive challenge for security practitioners for quite some time. Passwords aren’t presenting any new problems, but the complexity of the obstacles surrounding them has been exacerbated since personal devices began flooding the enterprise.
The more applications that are introduced into the lives of employees, the sloppier the password habits get. Ultimately, these same habits make their way into the enterprise. While some security leaders are working toward making passwords obsolete within their organisations, others may not have the resources or capabilities to take such innovative approaches.
In an ideal world, employees would use strong, unguessable passwords that are unique to every website they visit and application they use, but as Ntrepid Corporation’s Chief Scientist Lance Cottrell says, achieving that with passwords you can remember is fundamentally impossible.
“If you’re going to have strong, unique passwords for every website, you need a system to keep track of it,” Cottrell told InfoSec Insider during a video interview. “Using a password manager just offloads your brain. They aren’t a perfect solution - they have been hacked in the past. [So] if you’re looking to put all of your eggs in one basket, that should probably be a very well protected basket.”
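To make Cottrell’s point concrete, the following added example (not part of the original interview or article) shows what a password manager does at its core: draw each site’s password independently from a cryptographic random source, and compare the resulting entropy with a memorable passphrase. The alphabet size, password length and the 7776-word passphrase list are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Printable ASCII without whitespace: the kind of character set a typical
# password manager draws from (94 symbols).
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(choices: int, length: int) -> float:
    """Entropy in bits of a secret built from `length` independent, uniformly
    random picks out of `choices` possibilities."""
    return length * math.log2(choices)


def generate_password(length: int = 16, alphabet: str = FULL_ALPHABET) -> str:
    """Generate one password from the OS CSPRNG via `secrets`, never `random`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def unique_passwords_for(sites, length: int = 16) -> dict:
    """One independent random password per site. Nobody can memorise these,
    which is exactly why they must live in a well-protected vault."""
    return {site: generate_password(length) for site in sites}


def memorable_vs_random() -> dict:
    """Hypothetical comparison: a 4-word passphrase from a 7776-word list
    (about as much as a person can reliably remember per site) versus
    16 random characters from the full alphabet."""
    return {
        "4 words from 7776-word list": entropy_bits(7776, 4),
        "16 chars from 94-symbol set": entropy_bits(len(FULL_ALPHABET), 16),
    }


if __name__ == "__main__":
    # Constructed sample sites for the demonstration.
    vault = unique_passwords_for(["bank.example", "mail.example", "shop.example"])
    for site, pw in vault.items():
        print(f"{site}: {pw}")
    for label, bits in memorable_vs_random().items():
        print(f"{label}: {bits:.1f} bits")
```

The comparison shows the gap: roughly 52 bits for a four-word passphrase against roughly 105 bits for sixteen random characters, and the random version has to be different for every site, so the only workable scheme is to generate and store them rather than remember them.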
In the full video interview below, Cottrell goes on to share some of the major dos and don’ts tied to password management, and highlights the significant weaknesses in some of the systems we’ve come to rely on heavily.