Weak passwords bringing business headaches
As IT departments in all industries continue to craft elaborate strategies to guard against online security threats, a number of organizations seem to be overlooking the fundamentals of password protection.
The recent network breach discovered at an Illinois water treatment plant came as a surprise to many in the information security community. But perhaps most disturbing was one hacker's revelation, in a Threatpost interview, suggesting that critical control infrastructure for the facility was guarded by a mere three-character password.
According to InfoWorld contributor Roger Grimes, the default administrator credentials favored by hardware and software vendors may be to blame for problems seen across all industries.
"The better vendors force users to choose a new password when logging in for the first time, require strong passwords and force adequate password updates after that," Grimes wrote in his latest column. "The worst vendors have products with hard-coded administrative passwords that cannot be changed."
To enforce strong security across company networks, IT administrators must ensure they have the ability to manage fundamental security controls for all utilities. Although it can be exhausting for larger organizations, experts recommend using password manager software to develop and store unique passwords for all systems and ensure security without sacrificing convenience.
