Should we kill passwords dead?

White House cyber security czar Michael Daniel gave a speech on Wednesday of this week prior to the Identity Ecosystem Steering Group’s ninth annual conference. He is quoted by Federal News Radio as saying, “I often say that one of my key goals in my job that I would really love to be able to do is to kill the password dead”.

But are passwords really that much of a risk?

According to the Trustwave 2012 Global Security Report, 80% of cyber security incidents were due to weak passwords. The report states that the use of weak and/or default passwords continues to be one of the primary weaknesses exploited by cyber criminals.

The top 10 passwords identified by the study were:

  1. Password1
  2. welcome
  3. Password
  4. Welcome1
  5. welcome1
  6. Password2
  7. 123456
  8. Password01
  9. Password3
  10. P@ssw0rd

With such weak passwords being employed, is it any wonder that their failure is behind 80% of cyber security incidents? It would seem not.
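The check below is an added example, not code from the original post or from the Trustwave report. It shows that the ten passwords above collapse to three base words once case, trailing digits and look-alike characters are normalised, and that several of them still pass a typical complexity rule. The complexity rule and the substitution table are assumptions chosen for illustration.

```python
import re

# The ten passwords listed above.
TOP_10 = ["Password1", "welcome", "Password", "Welcome1", "welcome1",
          "Password2", "123456", "Password01", "Password3", "P@ssw0rd"]

# Assumed look-alike substitutions to undo before comparing.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "l", "$": "s", "5": "s"})


def meets_complexity(pw):
    """Assumed policy: 8+ characters with upper case, lower case and a digit."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw))


def base_form(pw):
    """Lower-case, drop trailing digits/symbols, undo look-alike characters."""
    lowered = pw.lower()
    stem = re.sub(r"[\d\W_]+$", "", lowered)
    # A password made only of digits/symbols has no stem; compare it as-is.
    return stem.translate(LEET) if stem else lowered


# Base words derived from the list itself: password, welcome, 123456.
BLOCKED_BASES = {base_form(p) for p in TOP_10}


def is_blocked(pw):
    """True when the password is a decorated variant of a listed base word."""
    return base_form(pw) in BLOCKED_BASES


if __name__ == "__main__":
    print("base words:", sorted(BLOCKED_BASES))
    for pw in TOP_10 + ["Welcome2024!", "c7Q!vR2m#Lx9tB"]:  # last two are constructed
        print(f"{pw:16} complexity_ok={meets_complexity(pw)!s:5} "
              f"blocked={is_blocked(pw)}")
```

A complexity rule alone accepts most of the list, while the normalised comparison rejects all ten along with new variants such as a year or symbol appended to the same base word.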

How do we solve this issue?

While there are some efforts in the US Federal Government to come up with alternatives to passwords, for now most of us are stuck with using them as the main form of security on the Web.

The only practical answer is a password management solution such as Password Vault Manager Enterprise Edition. This software not only stores passwords securely in a central location using military-grade encryption, it can also be used to generate secure, unique passwords that are incredibly hard to crack.

If you want to ensure the security of your organisation, you need to be using password management software.