Musings on the Password Problem

Do you ever think it’s surprising that we’re still using passwords and PINs for so many important parts of our lives? After all, everything from paying bills, email and banking to applying for stuff online seems to need a password. The human brain isn’t really suited to coping with so many possibilities, although perhaps I should say the brain is more than capable but our memories aren’t! I think it was about twenty years ago I fitted some thumbprint scanners to a network I worked on in the North of England, and they worked pretty well – yet I don’t see stuff like that around routinely. You’ll find the high tech logins in Silicon Valley companies but they’re not commonplace outside there.

Assuming that you are similar to me, you have dozens of ID/password pairs on different computer systems all around the Internet. By simply inputting an ID, we lay claim to an identity, and the password is used to verify that we are actually allowed to do so. The system uses the identity represented by the ID to link up attributes with the holder of the ID. Strictly speaking, ID (username) and password systems are a two-factor authentication system, with the ID representing something I possess and the password being something I know. The complication, needless to say, is that an ID is usually public and is easily copied. Indeed it’s almost trivial to intercept over some Wi-Fi systems, which is why it’s advisable to use something like a UK VPN connection which will encrypt these passwords in transit.

As a result, most ID and password systems are almost as poor as a one-factor system.

Password management

The greatest advantage of ID and password systems is their ease-of-use and familiarity. The greatest drawback is their dependence on passwords. Theoretically, considering that passwords are confidential (something you know), they are secure, and only the entity with the secret can disclose it to the authorization system. In practice, passwords suffer from many considerable limitations:

Individuals can remember only a minimal number (around eight) of items with perfect accuracy. They usually have multiple passwords that they are trying to remember. As a result, people generate passwords that are short and simple to remember. They also tend to make use of the same password for numerous credentials.

Easy-to-recall passwords can be easily guessed by an attacker. Even passwords that have no connection to the entity that holds them can be effectively guessed if they are what are referred to as “dictionary words.” The very best passwords would certainly be long, random strings of characters, but individuals can’t remember very long, random strings.

People (and even machines) can be deceived into revealing the secret password to an attacker. This might be done, for instance, simply by creating phony login screens. Another common technique is known as “social engineering”, where the attacker gets in touch with the person and tricks them into disclosing their password by posing as an administrator or someone else the person trusts.

People write passwords down. Passwords get stored in files on computers. This makes them susceptible to theft and misuse.

These types of problems don’t have straightforward solutions. Many IT departments institute a password aging policy that forces users to change their passwords on a periodic basis to mitigate loss or sharing. They also frequently enforce rules about password structure in an effort to make passwords less guessable. The rules may disallow dictionary words, require passwords longer than six characters, or require passwords to contain a mixture of letters, numbers, and punctuation. Often, the result of these kinds of policies is that users give up trying to remember their passwords and simply write them down and paste them to their monitors or stick them in the pencil drawer.
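The structure rules listed above (no dictionary words, longer than six characters, a mixture of letters, numbers and punctuation) written as a small checker; this is an added example, not code from the original post. It shows that a lightly decorated dictionary word satisfies all three rules when the dictionary check is exact-match only, and is caught only when look-alike characters are normalized first. The word list, substitution table, function names and sample passwords are constructed assumptions.

```python
import string

# Constructed stand-in for a real dictionary file (assumption for this example).
DICTIONARY = {"password", "summer", "dragon", "monkey", "letmein"}

# Look-alike substitutions undone before the dictionary lookup (assumed table).
LEET = str.maketrans("0134578@$!", "oieastbasi")


def has_dictionary_word(password, normalize=True):
    """True if the password is, or (when normalizing) hides, a dictionary word."""
    lowered = password.lower()
    if not normalize:
        return lowered in DICTIONARY          # exact-match check only
    # Undo substitutions, drop everything that is not a letter, then search.
    letters = "".join(c for c in lowered.translate(LEET) if c.isalpha())
    return any(word in letters for word in DICTIONARY)


def violations(password, normalize=True):
    """Return the structure rules described above that the password breaks."""
    problems = []
    if len(password) <= 6:                    # must be longer than six characters
        problems.append("too short")
    classes = (string.ascii_letters, string.digits, string.punctuation)
    if not all(any(c in cls for c in password) for cls in classes):
        problems.append("needs letters, numbers and punctuation")
    if has_dictionary_word(password, normalize):
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for candidate in ["dragon", "P@ssw0rd!", "Summer2024!", "k7#Qv9!xTz2&"]:
        print(f"{candidate!r:16} exact-match: {violations(candidate, False)} "
              f"normalized: {violations(candidate)}")
```

The only sample that passes both checks is the long random string, which is the kind of password people cannot remember and end up writing down.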
