When Does A Password Make You Less Secure?
|
Posted by Ken Molay
|
Many years ago I had occasion to visit a bank headquarters on a programming job. We went into a secure computer room and I noticed a computer terminal on a table all by itself in the middle of the room. My host said that this was the sole access point to look at account information for any of their customers and that I shouldn't touch it. And there, scotch-taped to a pole next to the table, were the logon instructions with the incredibly complex password needed for access. Nobody could ever remember it, so they had written it down for reference.
I was reminded of this blast from my past while working on a client webinar today. They had set up their conference in Microsoft Live Meeting and let the software default to picking the attendee password for the event. If you do that, Microsoft chooses a password comprised of upper and lowercase letters, numeric digits, and punctuation marks. So all attendees were supposed to log in using something like qP{4,X as their password.
The problem with a password like this is that it makes your event less secure, rather than more so. Passwords of this sort are designed to thwart "brute force" hacking programs that try sets of common words and birthdates in an attempt to access a protected area. Do you really think a competitor is going to programatically attempt to break in to your meeting with a sophisticated password hacking generator? No, they are going to look for a piece of paper with the entry password written on it. That is the method of choice for the vast majority of security breaches in the world.
The fact is that using the same event-level password for all attendees is not a security feature... It's just something to inconvenience people who stop by too see if they can easily log in without an invitation. Once you've emailed the same password to all registrants and told them that this is how to access the event, security ceases to be a factor. Any one of them can email the instructions to anyone else they want to give access to. You might as well make their lives easier by giving them a code word that is easy to interpret and remember.
Event security starts to make more sense when you give each registrant their own individual login id and password. Unfortunately, very few web conferencing systems offer this as an option. If you take this route, try to make the password easy enough for each person that they don't have to write it down and stick it to the side of their computer!
But honestly, in most cases the fact that you have a password of any sort is enough to keep the unwanted away. Competitors will log in if it's easy, and they'll go on to other tasks if it involves time or effort. You might as well remove a small frustration for your registered attendees and give them something they can pronounce.
Other posts by Ken Molay
- Bulletproofing Event Audio
- I Don't Like Mondays?
- Don't Go Greyhound - Go Virtual!
- Will ISPs Kill Web Conferencing?
- How To Drive Adoption Of Web Conferencing In An SME
- Oprah's Webcast Exceeds Operating Capacity
- Web Conferencing Survey Results
- West Grabs Genesys
- Warrillow Report On Marketing To Small Businesses
- Why You Should Thank Oprah
Recent posts
Featured posts
Subscribe to or syndicate WebinarWire
Search EventSpan.com for upcoming or recorded online events:
Webinar Wire is part of the EventSpan publishing network.