I. Background

Industry Story

Sony Hack Reveals Password Security is Even Worse than Feared

The usernames and passwords of a million Sony users and 250,000 Gawker login credentials, each stored in plain text, were exposed via separate hacks.

An analysis by security researcher Troy Hunt revealed that two-thirds of users with accounts at both Sony and Gawker used the same password on both sites. Half the password sample from the Sony hack used only one character type and only one in a hundred passwords used a non-alphanumeric character, much the same as revealed by the earlier Gawker hack. Only 4 per cent of these passwords had three or more character types. In addition, around 36 per cent of the passwords used appeared in a password dictionary, a factor that would leave them wide open to brute-forcing attacks.

The data gleaned by Hunt from the Sony hack shows that this is unlikely to be some sort of statistical quirk. On the contrary, by any metric, consumer password security revealed via the Sony hack is dire.

See the article: http://www.theregister.co.uk/2011/06/08/password_re_use_survey

Password Management Overview

Passwords are secret strings of characters used to authenticate users and grant access to information resources. Because passwords are the authentication method used by most of the universities' information systems today, an appropriate password management framework plays a significant role in sustaining information security within universities.

The objective of password management solutions is to reduce the risks of passwords being compromised due to inappropriate user behaviours or security threats caused by malicious activities. Typical components encompass processes and technologies that regulate the provision and storage of user account IDs and passwords across the information systems within organisations such as universities.

 
Reference:
http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf
http://www.ogcio.gov.hk/eng/prodev/download/s17.pdf