
Service Sheds Light on Password Selection and Compliance

A new service offering from Security PS is already proving its value for clients. The Password Assessment and Compliance Testing service gives clients critical feedback on the real security provided by their passwords.

One recent survey reported that about 78% of IT departments aren't regularly performing password cracking. These businesses have little assurance that employee passwords are even meeting their written policies. Our findings confirm this is a problem, even for businesses that have technical password controls in place.

For example, one financial institution relied on Microsoft's Active Directory policies to require passwords longer than six characters. Not only did our assessment turn up shorter passwords, but we also found 17 accounts with no password at all. Our report provided the client with a list of these non-compliant accounts so they could quickly close the security holes.

Our consultants start work by cracking the encrypted user passwords. Security PS has invested in dedicated, high-speed computers to shorten the amount of time this process takes. Generally, these systems can crack at least 95% of passwords within a few days.

After this cracking process, we use custom software to analyze the quality and popularity of password choices. This reveals the common problems that often result in password-related security incidents. Security PS also gives our clients feedback on how their passwords compare to those of other organizations as well as to industry standards.

Finally, we offer recommendations for improving the password choices made by users. These tips can be included in company security awareness training or policies to steer employees towards better passwords.

To see a sample report from the Password Assessment and Compliance Testing service, contact a Security PS account representative.

Article content copyright Security PS 2005 and may not be reproduced without permission.
 

 
 