Passwords


Passwords (something you know) have been used for a long time to authenticate a person's identity. There are other ways of doing this: "something you have", such as a device, a card or an SMS-enabled cellphone, and "something you are", such as a fingerprint read by a scanner. All of them are in common use.

Why is this an issue?

Because passwords are so widely used, one that is too simple and therefore easy to guess may allow others to impersonate a person and misuse or abuse their privileges: making inappropriate postings in a social network, making unauthorized online purchases or cleaning out your bank accounts.


In the same way as we all carry a bunch of different keys (front door, garage door, car, desk drawer, etc.), good practice requires that the passwords to our computer, vault and all online accounts be different from one another and hard to guess. The reason they must differ is that passwords leak: when one website is breached, attackers try the stolen e-mail and password pairs against other sites, so a single reused password opens every account that shares it.


Not surprisingly, people often use the same password for all their devices and accounts. Worse, these passwords tend to be easy to guess. Studies of leaked password lists consistently show "password", "123456" and dates of birth among the most common passwords in use.


What you should do about it

The real problem with having many different passwords is that they are hard to remember and therefore tend to be written down. This greatly weakens them if someone else can get a copy of the written record. One way to reduce this risk is to store the passwords in a vault, as described in a previous section.


Stronger passwords can be generated in several ways. One is to mix lower- and upper-case letters, replace some letters with numbers, and add a non-alphanumeric character somewhere, for example 3dW@rd. Two caveats apply. Substitutions such as 3 for e and @ for a are well known and are among the first transformations a password-cracking tool applies to every word in its list, so they add less strength than they appear to. And a six-character password of any composition is short enough to be tried exhaustively in well under a day on ordinary hardware, so length counts for more than clever substitution. (Strangely enough, some websites only allow alphanumeric characters.)


Another way is to use the first (or second, or any other) letter of each word of an easy-to-remember phrase, then add characters as above. For example the password TwBatST@72 is built from the opening words of Lewis Carroll's poem "Jabberwocky", "Twas brillig and the slithy toves", followed by the @ sign and the last two digits of the year of its publication (1872). The phrase should not be one that many other people would pick: the better known the quotation, the more likely its initialism is already in an attacker's word list, so a private phrase that means something only to you is a better starting point than a famous line of verse.


Alternatively, there are several websites that generate non-guessable passwords, for example a pronounceable kuxoro22 or an unpronounceable 5+@7kgsq. Some vault products also include password generators. A generator built into a vault on your own machine is preferable to a website: whatever a website generates for you, its operator is in a position to see as well.


WARNING: passwords generated this way cannot be reconstructed from memory, so failing to keep good records of them could cause you considerable trouble should you lose them. A vault and good backup practices are worth considering.


Unfortunately, given enough time and computing power, there is no such thing as an unbreakable password: an attacker who has obtained the stored (hashed) passwords can simply try every possibility, and the only question is how long that takes. This is why the use of two-factor authentication is growing, particularly among financial institutions and credit card companies.
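The following Python script is an added example, not part of the original course page. It implements the three generation methods described above (the phrase initialism, a random password drawn from a cryptographically secure generator, and the pronounceable syllable-plus-digits style) and, for the point just made about time and computing power, estimates how long it would take to try every candidate for a given password. All function names are assumptions made here; the 1e10 guesses per second figure is an assumed rate for one GPU against a fast, unsalted hash, and the consonant and vowel tables are an assumed recipe for the pronounceable style, not any particular website's or vault's algorithm.

```python
import math
import secrets
import string

# Alphabets. FULL is printable ASCII without the space: 26 + 26 + 10 + 32 = 94 characters.
LOWER, UPPER, DIGITS, SYMBOLS = (string.ascii_lowercase, string.ascii_uppercase,
                                 string.digits, string.punctuation)
FULL = LOWER + UPPER + DIGITS + SYMBOLS
# Assumed recipe for the pronounceable style: consonant-vowel syllables, then digits.
CONSONANTS, VOWELS = "bcdfghjklmnprstvwxz", "aeiou"


def initialism(phrase: str, suffix: str = "") -> str:
    """First letter of each word of a memorable phrase (case kept), plus a suffix.
    initialism("Twas brillig and the slithy toves", "@72") -> "Tbatst@72"; the page's own
    TwBatST@72 additionally keeps the 'w' of 'Twas' and upper-cases some letters by hand."""
    return "".join(word[0] for word in phrase.split()) + suffix


def random_password(length: int = 16, alphabet: str = FULL) -> str:
    """Uniform random choice from the OS CSPRNG; the 'random' module must not be used here."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_pronounceable(syllables: int = 3, digits: int = 2) -> str:
    """The 'kuxoro22' style: easier to say and type, but see pronounceable_bits()."""
    word = "".join(secrets.choice(CONSONANTS) + secrets.choice(VOWELS) for _ in range(syllables))
    return word + "".join(secrets.choice(DIGITS) for _ in range(digits))


def generated_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password drawn uniformly at random: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def pronounceable_bits(syllables: int, digits: int) -> float:
    """Entropy of random_pronounceable(): each syllable is one of 19*5 pairs, each digit 1 of 10."""
    return syllables * math.log2(len(CONSONANTS) * len(VOWELS)) + digits * math.log2(10)


def brute_force_bits(password: str) -> float:
    """Upper bound on the strength of a human-chosen password: the smallest set of character
    classes that covers it, raised to its length. 'password' scores 37.6 bits this way yet is
    the first entry in every attacker word list, and 3dW@rd-style substitutions are standard
    mangling rules, so a good score here does not make a password strong."""
    alphabet = 0
    if any(c in LOWER for c in password):
        alphabet += len(LOWER)
    if any(c in UPPER for c in password):
        alphabet += len(UPPER)
    if any(c in DIGITS for c in password):
        alphabet += len(DIGITS)
    if any(c not in LOWER + UPPER + DIGITS for c in password):
        alphabet += len(SYMBOLS)
    return len(password) * math.log2(alphabet)


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at the given rate; the expected time is half of this."""
    return 2.0 ** bits / guesses_per_second


def strength_report(password: str, guesses_per_second: float = 1e10) -> dict:
    """Summarise a password. The default rate is an assumed figure for one GPU against a fast,
    unsalted hash; against a slow password hash such as bcrypt it would be far lower."""
    bits = brute_force_bits(password)
    return {"password": password, "bits": round(bits, 1),
            "years_to_exhaust": seconds_to_exhaust(bits, guesses_per_second) / (365.25 * 86400)}


if __name__ == "__main__":
    for pw in ("3dW@rd", initialism("Twas brillig and the slithy toves", "@72"),
               random_pronounceable(), random_password(16)):
        print(strength_report(pw))
    print("pronounceable entropy bits:", round(pronounceable_bits(3, 2), 1))
    print("16-char random entropy bits:", round(generated_bits(16, len(FULL)), 1))
```

Two different measures are deliberately kept apart. generated_bits() and pronounceable_bits() describe passwords the script itself draws at random, where the entropy really is known: a 16-character random password from the 94-character alphabet has about 105 bits, whereas the pronounceable three-syllable form has about 26 bits, little more than 3dW@rd. brute_force_bits() is only an upper bound for passwords a person chose, because real attackers do not start with exhaustive search but with word lists and substitution rules; at the assumed rate, 3dW@rd falls in about a minute even to exhaustive search, while the 16-character random password would take longer than the age of the universe.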


In two-factor authentication the end user (you) is given a device (it looks like a calculator that can read a smart card). The device is protected by its own PIN (often six digits; see the next section on PINs) and generates a one-time passcode. Other arrangements send a validation code to your mobile telephone by text message; be aware that such codes are the weakest form of second factor, since an attacker who takes over your phone number (for example by persuading your carrier to move it to a new SIM) receives them instead of you. They are still far better than a password alone. WARNING: by adopting this you may need to carry with you yet another device.