The Password Problem: The Most Common – and Avoidable – Threat to IT Security

Jaikumar Vijayan’s Computerworld story today on the Utah Department of Health security breach, which exposed approximately 280,000 Social Security numbers, highlights a point we’ve written about many times in the past: Weak, easy-to-guess passwords are perhaps the biggest threat to IT security. According to Vijayan:

“… the hackers -- believed to be from Eastern Europe -- exploited a configuration error at the authentication layer of the server hosting the compromised data, according to Utah IT officials.

Many security analysts see that formal explanation as a somewhat euphemistic admission that the breached server was using a default administrative password or an easily guessable one, thereby allowing the attackers to bypass the perimeter-, network- and application-level security controls built to protect the agency's systems.

While such mistakes are easy to avoid, they're surprisingly common despite years of warnings about the dangers of using passwords that hackers can easily guess.”

More often than not, these data breaches aren’t the result of elaborate plots. The hackers simply exploit companies’ weakest link: employees.