29 Jul 2011

Internet password standards needed

Corporations with large web presences should consider forming a consortium to set standards for internet passwords, computer security expert Tom Kemp wrote recently on the Forbes tech blog.

Kemp suggested the credit card industry's Payment Card Industry Data Security Standard, which streamlined and secured the way merchants processed credit card payments, could be a useful model for how to standardize internet passwords. After a consortium of companies defined best practices, websites could be awarded a seal indicating they met a minimum standard of password security. Kemp recommended standards such as minimums for password length and complexity, encrypted storage and automatic lockout on accounts after a certain number of failed login attempts.

While Kemp admitted this plan could be more a pipe dream than an actionable strategy, he stressed something has to be done to address the proliferation of internet passwords, given the increasing number of sites requiring them and the increasing number of worldwide internet users. He pointed out consumers are bearing the burden of formulating good passwords and keeping them all straight, but this is not the most effective way to maximize internet security.

Last June, hacker group LulzSec posted 62,000 email addresses and passwords it collected during internet intrusions it had undertaken.