Security of Passwords ISO27001
Each year, just before the INFOSEC (Information Security Exhibition) a
test is carried out to asses the level of security placed upon workplace
This year your password could be exchanged for a chocolate bar. It is
still shocking that some 64% of people challenged outside Liverpool
Street railway station in Central London, were prepared to give their
passwords away for a paltry chocolate bar. The findings were further
segmented when the split of sexes was added into the equation; more of
those giving away their passwords were women.
Where the questions were extended to ask for telephone numbers, place of
work and dates of birth in exchange for the chance to win a holiday then
results were down but still more women than men gave their details but
The only crumb of consolation is that the total numbers prepared to
compromise their personal or work security is down on last year by about
Government and big business continues to exhibit a less than satisfactory
level of care with our security; indeed another case where there had been
a problem with email attachments resulted in a disc being sent by normal
post. The disc contained important information but was only protected by
a basic password, which the company admitted, could be broken in a matter
of minutes. The disc did not arrive.
It is not known how many of the security details given away at Liverpool
Street Station were genuine and how many were simply wrong, but working
on the 70:30 principle a good number were genuine. It is fortunate that
details obtained were not used for any unauthorised use.... but they
could have been.
Vigilance is required to ensure security of all our systems
Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited an
established independent management consultancy based in Essex, UK which
specializes in ISO27001 Information Security Management consultancy.