Sub Total
Excluding delivery and voucher code discounts.
Go to basket

Free Delivery on all orders to UK mainland within 3 working days.

HP Tech@Work
Today's trends for tomorrow's business
Stop using passwords… until you understand the risks

Stop Using Passwords…Until You Understand the Risks

We all use passwords to access and protect sensitive online data—whether it's logging onto the network at work, shopping for goods on the web, or accessing personal email. Passwords are a basic function of the way we work, live, and socialize; yet as anyone who has had an account hacked can tell you, password protection is far from perfect.
With personal data playing an ever-larger role in the way we do business, current password functionality is in need of an overhaul. If you're looking for a better way to secure your personal and professional data, here's what you need to know.

The problem with hashing

In theory, passwords should work: if someone doesn't know your password, they shouldn't be able to log into a site or an account as you. Unfortunately, outdated storage methods and a lack of universal best practices have made it increasingly easy for hackers to get their hands on your passwords—and your data.
Each time you register a password with a website or service, that organization needs to store your password somewhere in order to authenticate your identity later. Some organizations store your password as plain text, which leaves you and your data extremely vulnerable if the sites' password lists are accessed by unauthorized users or hackers. Security-minded sites take pains to create a protected version of your password known as a “hash,” dicing up your password into small pieces and rearranging the pieces so that they no longer resemble the original. In this case, when you re-enter your password, it goes through a hashing function where the result is compared to the stored hash for verification.
The thought behind password hashing is that if hackers manage to breach a website or online service, they won't be able to steal users' intact passwords. Instead, the hackers will be left with difficult-to-crack hashes that are either unusable or take a very long time to reverse engineer into passwords. However, with the rise of powerful, off-the-shelf components such as modern graphics cards and lists of pre-generated hashes for short passwords, hackers can easily reverse engineer passwords.
A modern high-end graphics card, for example, can easily perform more than 600 million SHA256 hash operations per second. A few of these relatively inexpensive cards arranged in an array can try every possible eight character password in about seven days. While that's impressive enough already, attackers have far more advanced ways to crack hashes, and with the right tools they can crack hundreds of passwords per hour.
“Online sites are aware of these issues,” explains Jim Waldron, Senior Architect for Platform Security at HP, “and so some of them have increased the security by adding secret questions and answers like: ‘What is your mother's maiden name?' Unfortunately, much of this ‘private' information can be legally purchased from online data aggregators.” In other words, even users' private personal information is no barrier to a determined hacker.

The problem with best practices

To make the situation worse, once a hacker obtains a user's password, they can use this information to try and access the rest of the user's online accounts—such as their email or bank accounts. The reason for this is that most consumers—and businesses—skirt password best practices.
A secure password should adhere to three basic rules:
  • It should be long—at least 16 characters[1]
  • It should be complex—containing uppercase letters, lowercase letters, numbers, symbols, and spaces
  • It should be unique—i.e. you only use it once
You're probably familiar with at least a few of these rules. Many password systems require users to create passwords of a certain length and complexity, but the resulting passwords are hard to remember and many users recycle the same password multiple times. In fact, 54% of consumers use five or fewer passwords across their entire online life, while 22% use three or fewer.[2]

So what's next for passwords?

With all these issues, combined with an increasing number of high-profile online data breaches, the public is losing faith in passwords. Nearly 70% of consumers report lacking a high degree of confidence that their passwords can adequately protect their online accounts—and they're calling on online organizations to add another layer of security to the process.2
“At a very high level,” says Waldron, “what we need are new, more secure methods for users to identify themselves to online services—methods that are also easy for users to perform.” While broad changes will take time and a large joint effort, there are some immediate actions businesses can take to improve their own authentication methods.
Passwords are still an important security feature, despite their many problems. Check the strength of your passwords—make sure they are long, complicated, and never repeat. If you own an HP business PC, you already have access to HP Password Manager (part of the broader HP Client Security Suite) which can store your unique passwords for you. This is an efficient way to eliminate the headaches normally associated with remembering complicated passwords across multiple sites. You can also try to institute several layers of authentication at once—such as a fingerprint reader plus a password, or an iris scanner plus a smartcard reader. This is known as multi-factor authentication and is much more secure than any one method alone.

Disclosure: Our site may get a share of revenue from the sale of the products featured on this page.

Disclaimer

Prices, specifications, availability and terms of offers may change without notice. Price protection, price matching or price guarantees do not apply to Intra-day, Daily Deals or limited-time promotions. Quantity limits may apply to orders, including orders for discounted and promotional items. Despite our best efforts, a small number of items may contain pricing, typography, or photography errors. Correct prices and promotions are validated at the time your order is placed. These terms apply only to products sold by HP.com; reseller offers may vary. Items sold by HP.com are not for immediate resale. Orders that do not comply with HP.com terms, conditions, and limitations may be cancelled. Contract and volume customers not eligible.

HP’s MSRP is subject to discount. HP’s MSRP price is shown as either a stand-alone price or as a strike-through price with a discounted or promotional price also listed. Discounted or promotional pricing is indicated by the presence of an additional higher MSRP strike-through price

The following applies to HP systems with Intel 6th Gen and other future-generation processors on systems shipping with Windows 7, Windows 8, Windows 8.1 or Windows 10 Pro systems downgraded to Windows 7 Professional, Windows 8 Pro, or Windows 8.1: This version of Windows running with the processor or chipsets used in this system has limited support from Microsoft. For more information about Microsoft’s support, please see Microsoft’s Support Lifecycle FAQ at https://support.microsoft.com/lifecycle

Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, Xeon Phi, Xeon Inside, and Intel Optane are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

In-home warranty is available only on select customizable HP desktop PCs. Need for in-home service is determined by HP support representative. Customer may be required to run system self-test programs or correct reported faults by following advice given over phone. On-site services provided only if issue can't be corrected remotely. Service not available holidays and weekends.

HP will transfer your name and address information, IP address, products ordered and associated costs and other personal information related to processing your application to Bill Me Later®. Bill Me Later will use that data under its privacy policy.

Microsoft Windows 10: Not all features are available in all editions or versions of Windows 10. Systems may require upgraded and/or separately purchased hardware, drivers, software or BIOS update to take full advantage of Windows 10 functionality. Windows 10 is automatically updated, which is always enabled. ISP fees may apply and additional requirements may apply over time for updates. See http://www.microsoft.com.

“Best All In One Printer” and “the easiest printer you’ve ever had to set up” from Wirecutter. ©2020 The Wirecutter, Inc.. All rights reserved. Used under license. https://www.nytimes.com/wirecutter/reviews/best-all-in-one-printer/

Get Marvel’s Avengers when you purchase HP gaming PCs with qualifying 9th gen or 10th gen Intel® Core™ i5, i7 and i9 processors. Redemption code will be sent out by email within 60 days of purchase. Limited quantities and while supply lasts. Offer valid thru 12/31/2020 only while supplies last. We reserve the right to replace titles in the offer for ones of equal or greater value. Certain titles may not be available to all consumers because of age restrictions. The Offer may be changed, cancelled, or suspended at any time, for any reason, without notice, at Intel’s reasonable discretion if its fairness or integrity affected whether due to human or technical error. The Offer sponsor is Intel Corporation, 2200 Mission College Blvd., Santa Clara, CA 95054, USA. To participate you must create an Intel Digital Hub Account, purchase a qualifying product during the redemption period, enter a valid Master Key, and respond to a brief survey. Information you submit is collected, stored, processed, and used on servers in the USA. For more information on offer details, eligibility, restrictions, and our privacy policy, visit https://softwareoffer.intel.com/offer/20Q3-19/terms.

© 2020 MARVEL. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others.

The personal information you provide will be used according to the HP Privacy Statement (https://www8.hp.com/us/en/privacy/ww-privacy.html)