Monday, March 17, 2008
Password Security: More Important Than Ever
By Dan Davis
If you visit an e-commerce or informational web site today, it’s more than likely that it will ask you to register before you gain access.
Sometimes, this can be a good thing. For example, if you do business with a company on an ongoing basis, filling out a registration can save you time when you revisit the site to make your next purchase.
The problem that I have with a lot of these sites is that they feel they understand your security needs better than you do. An example of this is when you fill out the registration, and the site gives you back an error that says “Password must be between 5 – 8 characters,” or “Passwords must contain at least 1 special character and 1 number.”
There are several problems with this approach as I see it. The first is that when you define rules for a password, you reduce the number of possible passwords and thus make it less secure. If I were to write a program to hack the first example, I would eliminate all guesses that contained 1-4 or 9-1000 characters! This would really save me a lot of guesses! The larger problem is that, with so many sites dictating so many rules, it becomes impossible for someone to remember what they put down the next time they visit the site.
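The effect of the two rules quoted above can be counted directly. This is an added example, not part of the original post: it counts how many candidate passwords each rule rejects, assuming a 94-character printable-ASCII alphabet and, as a stand-in for freely chosen passwords, lengths of 1 to 12 characters (both figures are assumptions).

```python
from fractions import Fraction
from string import ascii_letters, digits, punctuation

# Assumed alphabet: printable ASCII without the space character.
LETTERS, DIGITS, SPECIALS = len(ascii_letters), len(digits), len(punctuation)
ALPHABET = LETTERS + DIGITS + SPECIALS  # 52 + 10 + 32 = 94


def any_password(length):
    """Number of strings of exactly `length` characters."""
    return ALPHABET ** length


def with_digit_and_special(length):
    """Strings holding at least one digit AND one special character.

    Inclusion-exclusion: all - (no digit) - (no special) + (neither).
    """
    return (ALPHABET ** length
            - (ALPHABET - DIGITS) ** length
            - (ALPHABET - SPECIALS) ** length
            + LETTERS ** length)


def allowed(min_len, max_len, require_classes=False):
    """Passwords a site rule accepts, summed over the permitted lengths."""
    count = with_digit_and_special if require_classes else any_password
    return sum(count(n) for n in range(min_len, max_len + 1))


def share_ruled_out(min_len, max_len, require_classes=False, free_max=12):
    """Fraction of freely chosen passwords (1..free_max chars) a rule rejects."""
    unrestricted = allowed(1, free_max)  # free_max is an assumed upper bound
    return 1 - Fraction(allowed(min_len, max_len, require_classes), unrestricted)


if __name__ == "__main__":
    rules = {
        "5-8 characters": (5, 8, False),
        "1 special + 1 number, up to 12": (1, 12, True),
        "both rules together": (5, 8, True),
    }
    for name, (lo, hi, classes) in rules.items():
        print(f"{name:32s} rejects {float(share_ruled_out(lo, hi, classes)):.6%}")
```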
In my view, security is best left to the user. In this way, they can determine the appropriate strength for their password, and one which they will be able to remember.
Some registrations on PlanWell and EWO provide access to private project information or the ability to charge to a company’s account. For this reason, customers should be encouraged to choose a fairly strong password.
Longer is Better
With each successive character, your password becomes more than 100 times more secure.
Keep it Random
Keep a book handy next to your computer. For each strong password you need, choose a number. Go to that page in the book, and use the first letter from each of the first 15 sentences as a password. Don’t lose the book!
Include Numbers and Characters
Many people will replace letters with similar-looking numbers, like “5umm3rt1m3” for “Summertime” or “pa55w0rd” for “password”.
Change it Every Now and Then!
In some work environments it is possible for people to come to know your password. Computers get left logged in, or you give it to an assistant when you are on the road. Changing your password could defeat this.
Share these tips with your customers, and let them decide how strong their passwords need to be. But keep in mind: the worst password is the one you forget!
Dan’s Tech Tip
Did you know: On Windows XP, a blank password is more secure than a weak password. XP accounts with a blank password may not be accessed across a network or the Internet. However, this would only make sense if the computer were kept in a secure room, or if others in your company needed access to files on the computer.