As digital becomes more embedded in aspects of our everyday life, the challenge of password management becomes increasingly pertinent. Phil Morley, our Director of Employee Engagement, seeks a solution to this conundrum.
We have worked on a number of employee engagement campaigns relating to information security. Whilst they each have unique challenges and solutions relating to the specifics of culture and context, they are often addressing similar risks and behaviours.
Take passwords. As digital becomes more embedded in aspects of our everyday life, the challenge of password management becomes increasingly pertinent. It is a particularly ‘hot’ topic for me as I have just had to be reminded of the password for the app on my phone that adjusts the central heating.
If I stop and add up just how many passwords I am expected to recall, it’s easy to see why the relevant memory limit gets exceeded.
Every year there are countless surveys proving that many of us use the most blindingly obvious weak passwords. So, in a bid to be good, I do try and comply with the principles of mixing it up a bit and refrain from too much duplication – even though it is really tempting. But those infrequently used ones are the real problem, and they keep multiplying in both number and potential impact on my everyday life.
So what to do? I was recommended by someone in the know to look at password vaults as they provide a single, safe place where you can store lots of them. But, here’s the thing, the one that I tried had a mind-boggling fundamental flaw.
The theory is that you just have to recall one master password – one thing to rule them all. So after finding the site and providing some personal details, I got the chance to enter my master password. And I decided to put the system to the test – I typed in the worst password I could conjure up, by combining two of the top three dumb passwords: 123456qwerty. (By the way, the 2nd most popular in the survey I was referring to was 123456789, and the fourth was 12345678, so we are talking about a pretty concentrated area of naivety here.)
To my horror, the password barometer informed me that this was a suitably difficult password.
It wasn’t the full bar, but it was 80% there and the vault system accepted it as a suitable master password. Needless to say, I decided not to use this to protect myself.
Coincidentally, the same day I also needed to call my bank. Having gone through the usual security, they advised me that they were introducing voice recognition – in case I was interested. I was indeed interested but not with respect to actually using it. I read recently that a major software company is working on a new product that will let you manipulate voice recordings just like you do your holiday snaps – you can make them seem like somebody else.
And there are plenty of decent impressionists out there, many of whom, I’m sure, would be massively incentivized to mimic my West Country tones. In any case, I had a cold, and a rasping croak to offer as identification.
Biometrics, like fingerprints and retina scans, were put forward as a possible solution, but do not seem to have caught on beyond the cinema screen.
So for me, it’s back to basics. Good old creativity.
I am going to devise a system that builds out from the decent password I developed in vain for the vault. I am also going to revisit a book on memory that I own that once enabled me to recall 20 random words in order. If only I could remember where that book has gone.
In this amazing digital world, it’s easy to get caught up in the halo effect and think that the answer to everything is digital. Or that a digital solution is always best. Or, indeed, is even needed…as proved by the invitation on my jar of peanut butter to go onto Twitter to say ‘hello’.
Sometimes it’s simpler and better to go back to basics. To step back and remember that we are human after all. And that we are equipped with the most sophisticated technology in the known universe, and the ultimate means of protection when it comes to information security: our brains.
All we need to do is inform and influence the owners and operators.