It seems a never ending battle explaining to users about levels of authority and why passwords are there in the first place but when it drip feeds into people who should already know better then you know you’ve got your work cut out for you.

Two factor authentication has to be the answer as, in my opinion, passwords have pretty much had their day as security methods alone. At least with two factor authentication if a password is released it’s useless without a hardware token.

Their has been a recent request to release our VPN secret key (which I hold dear) to a third party company owing to the fact that our ERP system is used by an associate company and the third party want their remote users to access the system but want to install the remote access software themselves (and consequently need the secret key to do so). This sends shivers down my spine but I don’t think I’m going to win the morale battle on this one so I need a solution and I need it soon.