The importance of a robust password strategy

The importance of having a robust password strategy, both for private individuals and businesses, has once again been brought to the fore following last week’s episode of Panorama. The programme investigated the hidden dangers of smart devices, including kettles, heating systems, keyless cars, CCTV cameras and baby monitors, among others.

One couple featured in the programme found that they had been watched by others across the globe as they went about their daily lives, via the camera technology they had installed thinking it would make them more secure. According to Colin Tankard, MD of data security company Digital Pathways, the way to counter this kind of hacking activity is to ensure strong, sensible passwords are used so that the hacker cannot easily gain access to devices and take control of them.

“I continually talk about the need for better password usage. It astounds me how many passwords remain as ‘password’ or ‘1234’; it’s offering the most unskilled hacker a walk in the park, let alone a professional one,” said Tankard. “We must start to think about checking what and who is attached to our network. So often people do not log onto their home router and look at what devices are connected. This is a simple thing to do and, over time, you can name the devices you know, such as your mobile phone, Sky box, PC etc., thus detecting anything new. This ‘new’ device could easily be a hacker’s computer now connected to your network, watching what you are sending and to whom”.

Businesses should deploy smarter forms of user authentication such as tokens or certificates or authentication software such as biometrics; in time, these will become the norm. But, for now, we are challenged in having a uniform standard of authentication, as there are so many different formats with vendors fighting to get theirs recognised. One only needs to look at the range of authentication techniques used within personal banking to see there are few standards.

The biggest issue is how some manufacturers are installing old, insecure technology into very modern devices. The WiFi kettle is the latest gadget, but internally it uses parts from modem technology going back to the 80s. This core technology has next to no security and uses well-known codes to bypass even the basic protection.

What is needed is security to be built in at the core and to be as robust as possible. In this way, the security of the device can be better judged, updated and even added to, thus giving some future-proofing, but certainly allowing for updates and modifications, should the need arise. “Security needs to be at the core of our technology design; there is no point in having the ‘latest and greatest’ if it will bring down your network or steal your money,” concludes Tankard.