Passwords are proving that they are often the weakest link

Commenting on reports that hackers can now gain ready access to the password hints file(s) on Windows 7 and the upcoming Windows 8 platform, SecurEnvoy says this is just another example of how the integrity of passwords has become seriously eroded in recent years.

According to the company’s technical director, Andy Kemshall, it is thanks to security faux pas in the many millions of lines of code that goes to make up an operating system and/or major program suite these days – coupled with the ability to brute-force millions of passwords per second – that passwords are proving that they are often the weakest link.

“This news story does not fill me with enthusiasm to rush out and upgrade [to Windows 8] , but it does encourage me to look more seriously at how I secure my desktop and laptop computer against prying eyes.” -– Andy Kemshall, SecurEnvoy technical director

Commenting on reports that hackers can now gain ready access to the password hints file(s) on Windows 7 and the upcoming Windows 8 platform, SecurEnvoy says this is just another example of how the integrity of passwords has become seriously eroded in recent years.

According to the company’s technical director, Andy Kemshall, it is thanks to security faux pas in the many millions of lines of code that goes to make up an operating system and/or major program suite these days – coupled with the ability to brute-force millions of passwords per second – that passwords are proving that they are often the weakest link.

“It’s ironic that this story should have broken just a few months before Windows 8 – Microsoft’s next-generation and apparently secure-enhanced operating system – is formally released. This news story does not fill me with enthusiasm to rush out and upgrade, but it does encourage me to look more seriously at how I secure my desktop and laptop computer against prying eyes,” he said.

“If passwords just don’t do the job, then people have to turn to multi-factor authentication to help protect themselves. Unfortunately, as a growing number of users of online banking have discovered in recent years, it’s a real pain having to tote a hardware token around with you all the time, especially when you find that – when you really need to check your bank account – you don’t have the token with you,” he said.

“It’s for this reason that we have developed our tokenless 2FA technology, using mobile phones to ensure that – even if hackers do gain access to a passphrase hint file – those online sessions defended by tokenless 2FA remain 100 per cent protected,” he added.

The tokenless 2FA specialist’s technical director went on to say that, as computing power and ingenuity increases in the future, these (lack of) security issues will almost certainly raise their ugly heads with increasing frequency.

Category: Industry News