Work with users on password security rather than forcing it on them

Password policies should work with what a user is most comfortable with, rather than being dictated by IT or technology.

Speaking on an SC Magazine webcast, Pamal Sharma, head of IT at Fujifilm, said that the best way to help people remember passwords was to plug into the way a user works and understand what they are into.

He said: “The people thing I found really difficult to conquer when I first began working with people and the way people work, there is a secret to this, and I say ‘what do you want to do with this, how do you want to remember it without writing it down’.

“This is often a trigger for a lot of people and they find their own way without having to help them. Get them to find a mechanism to remember the password like changing every Z into a 2 and using phrases but it is using their own mechanism and way that they can remember.”

Stephanie Damon, CEO of the Cyber Security Challenge, said that she agreed with this concept, and said that work the challenge had done in schools on ciphers had made things fun, as people were encouraged to find their own way to create things.

“I really do think in this space that is the only way it is going to work, but what I do is think of something that means something to me, and work from there,” she said.

In a poll run during the webcast, 29 per cent of listeners said that they remembered between zero and five user name and password combinations; the same number also had to remember between six and ten combinations. Two sets of 21 per cent had to remember between 11 and 20 and more than 20 combinations respectively.

Damon commented: “I think I have between 12-13, which is too many and we're told not to write them down and I come back to the convenience factor. If we are brutally frank, who can remember that many passwords? I spend half my time on reset your password sites as I have forgotten one of the relevant ones.

“So all I would say is be more clever as we want people to be more secure with their data, but we need to take some regard of convenience and reality, and I am not sure we are doing that at the moment.”