As imperfect a means of authentication as they are, “memorized secrets” like passwords, pass phrases and PINs are common, and indeed are the primary means of authentication for most computer systems. In June, the National Institute of Standards and Technology issued a new publication on digital identity management that, in part, recommends changes to password policy that has become standard in many organizations—policy requiring passwords with special characters.
The three popular articles this week on HRinfodesk deal with: a warning from the Privacy Commissioner not to reuse passwords, a company that contravened privacy law by releasing the results of an employee's drug test and Alberta's investigation of serious workplace health and safety incidents.
The Privacy Commissioner Canada has recently released some tips for mitigating risk to businesses involving passwords. One main problem is that individuals use the same password for multiple accounts – this puts them at a much higher risk of experiencing a breach.