A more radical approach to access security is required for organisations and businesses.

After Australia marked ‘change your password day’ as part of its National e-Security Awareness Week, GrIDsure chairman Jonathan Craymer claimed that while the initiative should be commended, there is a need to not just look at changing passwords, but to change the entire system.

Craymer said it is a ‘common myth’ that passwords are both free and secure, and that this could not be further from the truth, as the cost of a password reset can be extortionate.

Research from META Group and Gartner suggests that an average organisation receives about 6.3 password-related helpdesk calls per user per year, and Forrester estimates that each call can cost businesses between $25 and $75 USD. As a lower cost estimate, a typical 1,000-user company could be spending between $157,500 and $472,500 every year on maintaining its ‘free’ password system.

Craymer said: “GrIDsure has spoken to enough IT managers and users across the UK to know that they are fed up with so-called ‘strong passwords’ that require a mixture of numbers and capitals.

“These passwords usually have to be changed every 60 days and can become impossible to remember, so staff often end up writing them on a post-it note and sticking it on their monitor or under their keyboard – and how secure is that?”

Craymer believed that businesses should not ‘continue to delude themselves by thinking passwords are a low cost and secure option for authenticating individuals on to PCs, smartphones and web-based portals. They must realise that there are much more secure, cheaper and manageable systems available’.

He pointed to tokenless two-factor authentication alternatives to passwords and PINs as a more secure, easier to use and cheaper solution.