International Cyber Expo International Cyber Expo
  • About Us
Saturday, 11 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Changing your password regularly won’t fix the problem – you need to change the entire password security system

by The Gurus
June 24, 2016
in Editor's News
Share on FacebookShare on Twitter

Industry practitioners concerned about weak passwords within the workplace need to understand that the solution to addressing this does not lie in the regularity in which passwords are changed but in the entire flawed process of password security systems, which needs to be abolished, according to Dave Worrall, CTO at Secure Cloudlink. Verizon recently released its annual Data Breach Investigations report, which reports on the major security breaches and methods used by hackers to compromise businesses and governmental organisations. One of the critical findings within this revealed that 63 per cent of confirmed data breaches surveyed were facilitated by compromised credentials, meaning they were caused by stolen or weak passwords.
The findings went onto suggest that a key contributor for weak and stolen passwords resulted from end users not changing default passwords. It also offered advise stating that firms should mandate all staff to change their passwords at least four times per year with more specific rules consisting of at least eight characters with an uppercase, lowercase, number and special character. While these recommendations should go some way to halting immediate threats, Worrall suggests it won’t eradicate them. In essence, we’ve reached a tipping point when it is time to rethink the entire system of password driven security:
“The findings from the Verizon report discussing the volume of data breaches being directly linked to compromised credentials are hardly shocking. The reality is most current password systems for business applications and websites are flawed. They are based on designs, which were deemed acceptable ten years ago but are simply not suited to cope with the modern demands and threats placed on it. Instead of trying to find better solutions, the IT industry has chosen to remain stagnant with its approach to password management and this is ultimately compromising users. It is essential action is taken to address this.”
Worrall continued: “The explosion of social media sites, businesses transacting online and the proliferation of mobile devices and applications in the workplace, means people are being forced to juggle multiple passwords across multiple interfaces. On top of this the need to refresh passwords on a regular basis combined with using a mix of letters, numbers and special characters only compounds further confusion.
“For a lot of users the easy option of simply keeping the same password across multiple applications and devices, and having the mind-set that “this won’t happen to me” often outweighs the effort required to manage this process effectively – this is something unlikely to change. This renders the password as an untenable means of authentication because of their fundamental security vulnerabilities, which is only accelerating by the dramatic shift to mobile computing and the ever-rising tide of data breaches.
“Ultimately, the password security system is there to try and make the user’s life easy while making the attacker’s life harder. Password security systems that ignore the user are going to fail the very community they are there for in the first place. Whenever users cannot manage a password driven security system, they are giving an advantage to an attacker who will be more than happy to try and exploit the system first. Historically, the reality is that once a breach has occurred then all passwords for all users are vulnerable. Changing passwords and adding biometrics helps mitigate the individual user controlled vulnerability of passwords but, critically as passwords are still used to authenticate users ‘behind the scenes’ the vulnerability to ‘men-in-the-middle’ attacks still exists.
“Passwords, in one form or another, have existed as a means of security for a generation. And for most of their history, they’ve worked. But now that society has transitioned to digital combined with the regularity and sophistication of cyber attacks, security experts are now being required to put out fires all over the place, all while pleading with users to make their passwords more secure. The time is right to rethink the entire concept of the password,” concluded Worrall.

ShareTweet
Previous Post

Artificial intelligence: The return of the machinery question

Next Post

Internet Pioneer Discusses Creation, Expectations and Security of DNS on its 33rd Birthday

Recent News

Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol