These days, using a computer means managing an arsenal of passwords for work, home, e-mail, banking, shopping sites, travel sites, even for online contests. The goal of passwords is to help keep data safe. However, to do their job effectively, there are some key points to remember when using them. With so many passwords, it may seem easier just to use the same one for each login, or to use a couple of favourite names or words. Tempting, but some websites do not have strong security.
The risk is that an attacker could gain access to the password file of say, a greeting card site, containing login information of hundreds or thousands or even more users. If a member of that site uses the same user ID and password for a payment site such as PayPal, it could be used to access personal financial data. It is much being like a burglar finding a key for an apartment building and then trying the locks to see how many doors open.
Using Strong Passwords
A password should be sufficiently long and complicated to make it difficult to guess. One trick is to use mneumonics. Instead of using a common word, the first letters of each word of a phrase is used to make the password. For example, “Joe will have 2 servings of spaghetti for dinner” becomes “Jwh2sosfd.” This is much more difficult to guess than just “spaghetti” even using a password cracking program.
Adding numerals or symbols to a password makes it harder to crack. A password cracker has to guess the correct string and may try to use all possible combinations. By using numerals or symbols, this will increase the number of possibilities and cause the process to take longer. Also, this approach encourages computer users to use passwords that are not common words.
Short passwords should be avoided. A three character password can be guessed in a reasonable time by a motivated individual and very quickly using software. Passwords eight or more characters long will make for better security. However, in his 2006 article, Password Size Does Matter, Roger A Grimes recommends using a password of at least 15 characters to keep it from being cracked.
Keeping Passwords Confidential
Passwords should be known only by the computer user and the applicable service provider. They should not be written down since they may be viewed by someone else. Writing down a password makes it simple for another person to pretend to be another user. If, say, login information is written on a Post-it stuck underneath a keyboard, another employee can use that to gain unauthorized access to files.
Since there are so many computers attached to the Internet, performing online transactions carries the risk of being seen by another person. To minimize this risk, when making an online purchase, a secure site should be used. The beginning of the website address may read “https:” which Eric Lawrence explains in his 2006 article HTTPS Security Improvements in Internet Explorer 7, this indicates a site that will use encryption to hide information being sent over the Internet so that no one can read it along the way.
It is important to use unique passwords for services that store personal financial data such as banking and payment sites. This reduces the risk that a password stolen from another site list could be used to access the confidential data. Shopping and travel sites may keep credit card information so those should be unique as well.
Online Access Using Biometric Devices
A biometric device uses some sort of physical attribute to identify a person. For example, a fingerprint reader can be attached to a computer to simplify the login process. Passwords are recorded once for setup, then, logins are performed by just the touch of a finger. That means there are no more passwords to remember.
It is always good to remember that a password is like a key to a home. Computers, like houses, contain precious items. By following effective password practices, computer users can better protect their data from unwanted access.
 |
