Employees have no qualms in selling corporate passwords

Taylor Armerding | April 7, 2015
Plenty of people are careless with their own personal passwords -- using the same one for multiple sites, and/or making them so simple that they are comically easy to crack -- but hardly anyone would intentionally sell them for a few bucks to someone they know would use them to do them harm.

And the website Malicious Link, in a recent post, argued that enterprises need to understand the psychology of employees and to provide incentives for them not to be tempted to sell their credentials.

If security professionals become "familiar with the emerging studies under the banner of cognitive psychology/behavioral economics," they will be able to understand "irrationalities" in human judgment and "design better incentive systems and security control schemes," the post said.

The good news, according to Sudhakar, is that even if people willingly sell or compromise their credentials, technology has gotten better at spotting the inevitable breach that follows.

"Innovations in data science and machine learning are improving early breach detection from compromised credentials or insiders gone bad," he said.

That, combined with better training and an awareness of disgruntled employees, may be the best defense. As Frenz notes, passwords do have a major advantage over other, more secure, forms of authentication like biometrics.

"They are very easy to change once compromised," he said.

 
