Internet Seminar: Solving the Human Factor of Security

Network security and a plethora of lost passwords

by / October 5, 2006
A recent Internet seminar brought to light the problem of security and password maintenance within companies. According to Al Sherwood of the Center for Digital Government, 40 percent of help desk calls within a company are forgotten passwords, and secure password maintenance costs between $200-$300 per user, annually.

These problems are primarily a human factor. Four out of 5 people would give their password to a co-worker, and most people either write down their passwords or use very easy words such as the name of a pet or child. To remedy this, Sherwood suggested that people use so called "strong" passwords -- combinations of upper and lowercase letters, numbers and symbols. And passwords should never be written down. The only problem is that most people can not remember these "strong" passwords, such as the example given by Sherwood -- Idn@^78*&3NpRz. "The efficiency of password security is not in sync with the reality of human behavior," Sherwood explained.

As a possible answer to this problem, the seminar covered the implementation of biometrics to a company's security network. Patrick Honny of the San Bernardino County Recorder's Office discussed his office's use of fingerprint scanners to eliminate some of the costs associated with lost passwords. Honny explained that the use of the fingerprint scan system reduced the amount of help desk calls, and increased network security.

Vance Bjorn, CTO of DigitalPersona -- the company who makes the finger scanning program used by Honny's office -- says that the fears of some employees of a possible "Big Brother" situation can be eased since their program "stores minutia points in an encrypted format." These "finger templates" are not the typical fingerprints that law enforcement would use, and they are stored as mathematical equations.

Gina M. Scott Writer