1. Why don't passwords work?
Weak passwords can be easily guessed
One reseller estimated that 80% of his clients used the word "password" as their Windows® logon password.
Weak passwords that take only seconds to compromise include names of close relatives, pet names, anniversary or birth dates, maiden names, common English words or combinations of the above.
Strong passwords get written down
Strong passwords contain at least eight alphanumeric characters mixed in such a way that no English words are created. One network administrator was appalled to find post-it notes containing logon passwords stuck to the computer monitors of his users after issuing "strong passwords".
Strong password policies require passwords to be changed frequently (every 30-90 days). Users simply cannot remember long strings of meaningless text, especially if that string changes every 30 days. They think their only hope of logging on is to write down the string and hide it from the network administrator somewhere in their cubicle or workspace.
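The two sections above describe the same policy from both sides: the categories of weak choice an administrator should reject (relatives' and pets' names, dates, maiden names, common English words) and the definition of a strong password (at least eight alphanumeric characters with no English word embedded). The following is an added example, not code from the page or from any product it describes, of the check an administrator could run when a password is set. Its wordlists are small constructed stand-ins for the large lists a real checker would load, "mixed" is interpreted here as requiring both letters and digits, only dictionary words of four or more letters count as an embedded English word, and the date pattern (a four-digit year or a six-to-eight-digit run) is an assumption; the per-user personal terms are something the administrator would have to collect.

```python
import re

# Constructed sample wordlists (hypothetical stand-ins for the large lists a
# real checker would load from disk): the most common password choices the
# page mentions, a handful of English dictionary words, and personal terms
# (relatives, pets, maiden names) an administrator might collect per user.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "admin"}
ENGLISH_WORDS = {"password", "summer", "winter", "dragon", "monkey",
                 "secret", "house", "love", "blue", "tiger"}
PERSONAL_TERMS = {"fido", "rover", "smith", "jones", "sarah"}

MIN_LENGTH = 8      # from the page: at least eight alphanumeric characters
MIN_WORD_LEN = 4    # assumption: only words of 4+ letters count as an embedded English word

# Assumption for "anniversary or birth dates": a four-digit year such as 1999,
# or a six-to-eight-digit run such as 120584 or 12051984.
DATE_RE = re.compile(r"(?:19|20)\d{2}|\d{6,8}")


def password_problems(pw, personal_terms=frozenset()):
    """Return the list of policy violations for pw (an empty list means it passes).

    Policy, as stated on the page plus the labelled assumptions above:
    - at least eight alphanumeric characters, mixing letters and digits;
    - no common password and no English word embedded anywhere;
    - no dates, and none of the personal terms the administrator supplied.
    """
    problems = []
    low = pw.lower()
    alnum = [c for c in pw if c.isalnum()]
    if len(alnum) < MIN_LENGTH:
        problems.append("fewer than %d alphanumeric characters" % MIN_LENGTH)
    if not (any(c.isalpha() for c in alnum) and any(c.isdigit() for c in alnum)):
        problems.append("does not mix letters and digits")
    # Strip trailing digits/symbols so "password1" or "Password!" is still caught.
    core = re.sub(r"[^a-z]+$", "", low)
    if core in COMMON_PASSWORDS:
        problems.append("common password")
    for word in sorted(ENGLISH_WORDS):
        if len(word) >= MIN_WORD_LEN and word in low:
            problems.append("contains English word '%s'" % word)
    for term in sorted(personal_terms):
        if term in low:
            problems.append("contains personal term '%s'" % term)
    if DATE_RE.search(pw):
        problems.append("contains a date or year")
    return problems


def is_strong(pw, personal_terms=frozenset()):
    """True when the password meets the policy with no violations."""
    return not password_problems(pw, personal_terms)


def audit(passwords, personal_terms=frozenset()):
    """Count how many of a list of candidate passwords pass the policy."""
    weak = sum(1 for pw in passwords if not is_strong(pw, personal_terms))
    return {"total": len(passwords), "weak": weak, "strong": len(passwords) - weak}


if __name__ == "__main__":
    # Constructed sample of the kinds of choices the page describes.
    sample = ["password", "Password1", "fido1999", "Sarah0512",
              "summer", "x7Qp9Lk2z4", "Kq8v2ZmN"]
    for pw in sample:
        print(pw, password_problems(pw, PERSONAL_TERMS) or "ok")
    print(audit(sample, PERSONAL_TERMS))
```

Running the sample rejects five of the seven candidates and accepts only the two that carry no word, name or date. Note what the check does and does not address: it enforces the strength rules at the moment a password is chosen, but it does nothing about the second problem the page raises, that a password a user cannot remember ends up written on a post-it note.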
Even strong passwords can be cracked
The CERT® Coordination Center, a security clearing house and part of the Carnegie Mellon Institute, commissioned and then published research by Dr. John D. Howard. The following is taken from his paper entitled "An analysis of Security Incidents":

"8.1.3.1 Password Vulnerabilities - The most frequently recorded vulnerability involved various problems with passwords, which were mentioned in 938 incidents (21.8%, column 18, Figure 8.3). There were 16 different combinations of keywords that indicated password problems. Most of the password vulnerabilities were in three categories: password files, generally indicating that a password file had been copied (592 incidents, 13.8%, 63.1% of password vulnerabilities), password cracking, which indicated that passwords had been determined by the operation of a password cracking tool (448 incidents, 10.4%, 47.8% of password vulnerabilities), and weak passwords, which could be easily guessed (156 incidents, 3.6%, 16.6% of password vulnerabilities). It is interesting to note that password cracking was recorded as an exploited vulnerability in nearly an order of magnitude more incidents than the tools used for the cracking (448 incidents mentioning password cracking, compared to 52 incidents mentioning password cracking tools)."