Failure to properly instil a culture of effective password management in a company could land its directors in jail, while wading through alternatives to "fatally flawed" passwords is a process mired in "fear, uncertainty and doubt" according to experts on all sides of the debate. The only given is that the need to get it right is now more pressing than ever, according to one top lawyer. David Naylor, partner at law firm Field Fisher Waterhouse, said companies need to ensure they have strict policies in place regarding password management and said best practice would be to incorporate these as requirements in the company's contractual arrangements with employees and third-parties with access to the company systems.

Naylor said: "Companies should make certain that employees and contractors are aware of the importance of maintaining systems security and the need to keep usernames and passwords secure and confidential. "If a company does not ensure security of its systems, any failure to maintain personal data securely may constitute an offence under the Data Protection Act 1998, opening the company to potential regulatory intervention and fines, and possibly civil and criminal liability." In addition to the legal risks, security breaches can lead to plenty of equally serious business and reputational damage.

The link for this article located at silicon.com is no longer available.