
[Security] Password Security - Simply Simplistic



Posted by Author Norway On 2007-04-29 10:02:15






Password Security - Simply Simplistic

Category
Security
Summary
Today there is an ever-increasing concern about security. All the big firms, schools, universities and even home computers have passwords. They might even have more than one password. But the sad fact is a lot of firms and schools really make their
Body
I have heard of several password policies that would be very hard to enforce. Among the most common are the ones that have all employees change their password every thirty days. This might sound like a good idea, but let's think about it. If you are the administrator of two or three hundred people or more, you would have a constant rush of people having to change their password and people forgetting their passwords. This would result in more people writing down their password, which would make it even easier to obtain for unauthorized access. If you're an administrator for a big group of people, you cannot rely on them all to be computer wizards. The stricter you make the rules, the more likely it is that somebody will forget their password.

The problem today is that everything has to be so high tech; you always need to have the best and longest password in the world, etc. But the fact is the people who know how to hack passwords would most likely hack a "strong" one just as easily as a regular one. (Ed: of course there is an exemption for some hashes here, such as MD5 and SHA-1, which can take minutes with a dictionary attack, but literally years for a brute force attack if the password is obscure.)

But there is an important difference here, between the "super users", "administrators" and the "regular" users. The administrator should take every precaution they can; if an administrator loses their password it can spell disaster for the network, site or anything else they are controlling. An administrator should only use their administrator password when they must, and should never share it. The passwords should be stashed away in a safe or any other secure location.

We are all only human; we do forget, and if we have to change a password every 30 days it will be hard to remember. The whole idea behind the password is to make the information on the computer unavailable to unauthorized personnel. But if we make the policy so hard that the person who is supposed to use it can't get in, we have failed.

I would just like to appeal to the IT security professionals out there, please think of the user and make it easy. The easiest way is often the safest.

Some of you who read this might think it is harsh, but this is just one view of many from the IT industry.


This article was imported from zZine. (original author: Norway)


There are no replies to this post yet.





