Passwords are required everywhere. Whether it is a password for an ATM, an email account or online financial transactions, it provides a security blanket that lets authorized people access these systems. A combination of letters and numbers to log in to a system is all that it takes to create a password. Birthdays, anniversary dates, social security numbers and the like are some of the common considerations people make when deciding on a password. Some people prefer using automated tools to generate passwords.
The question is how safe and reliable these passwords are in preventing unauthorized access. The security of a system is often compromised when people leave their password written on Post-its on their monitors, store it in a cell phone or jot it down in a notepad. This tendency to write down or store a password to avoid forgetting it often exposes the system to unauthorized access and thus leads to unwanted intrusion. There are various reasons and factors responsible for the compromise of security due to passwords.
One of the common errors people commit when deciding on a password is choosing the easy way out. They create passwords that are easy to remember but also very easy to guess, such as passwords based on personal information. Since these passwords are at greater risk of being discovered, another approach is to decide on a very difficult, cryptic password. The disadvantage of these hard passwords is that they are tough on human memory. In a survey it was reported that nearly 66% of people in the USA write down their passwords in unsafe places, thus unknowingly risking security.
Most websites provide the option of saving the user name and password for easy access. Also, the job of resetting the password every now and then is perceived as routine. Another very common mistake people make is using the same password for more than one of the systems with which they interact. Once the security of one such system is compromised, the hacker can easily gain access, since the same password applies to almost all the other systems as well. There are certain guidelines that should be adhered to so that passwords are chosen to ensure security.
It is best to avoid passwords based on personal information such as a spouse's name, anniversary dates, dictionary words etc. Hackers can easily gain access to such passwords. Similarly, longer passwords are a better option, as guessing them requires trying many more permutations and combinations. If a password is made up of only one character, say an uppercase or lowercase letter or a number, it would take only 62 combinations to discover the password. Likewise, two-character passwords would require 3844 combinations, and for an 8-character password it would take nearly 218 trillion combinations.
Dictionary words should be avoided, as they are easier for hackers to guess. If users find it difficult to remember their passwords, it is better to write down some hints rather than the password itself. A common password should not be used for various accounts on a system. If the hacker succeeds in guessing the password, the security of all the other accounts will also be at risk. Organizations should enforce password resetting after a stipulated period of time. In case employees or users don't comply, systems should automatically reset the passwords.
People often use the internet in public places such as internet cafes. Logging in from a machine in a public place should be avoided. Users should be careful not to store their passwords on publicly shared machines. Even though passwords provide a cheap and easy way to secure systems, in today's era of sophisticated technology they are not sufficient. Account holders of Bank of America have to verify an image and phrase along with the password to log in. Some banks and financial institutions are using biometric techniques along with passwords for login.
Scanning of fingerprints or eyes, especially the iris, and voice recognition systems are used along with passwords when the user wants to log in. Software programs such as Handy Password and RoboFormPro store all the passwords in a database. Logging into the database requires a master password. Some companies issue small devices similar to a keychain, which require a regular password to generate another password based on certain characteristics such as time. One then requires the newly generated password for logging in.
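The keychain device described above can be sketched as follows. This is an added example, not code from the essay or from any vendor: the essay does not name an algorithm, so the standard TOTP scheme (RFC 6238) stands in for it, and `token_display`, `server_verify`, the PIN and its handling are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (RFC 6238 default)


def totp(secret, now, digits=6):
    """One-time code for Unix time `now` (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def token_display(secret, pin_hash, pin, now):
    """Device side (hypothetical): show a code only after the right PIN."""
    # Simplified for the demo; a real token checks the PIN inside its hardware.
    entered = hashlib.sha256(pin.encode()).digest()
    if not hmac.compare_digest(entered, pin_hash):
        return None
    return totp(secret, now)


def server_verify(secret, code, now, window=1):
    """Server side (hypothetical): allow `window` steps of clock drift."""
    return any(
        hmac.compare_digest(totp(secret, now + i * STEP), code)
        for i in range(-window, window + 1)
    )


# Constructed sample values: the RFC 6238 test key and a made-up PIN.
SECRET = b"12345678901234567890"
PIN_HASH = hashlib.sha256(b"4821").digest()

if __name__ == "__main__":
    code = token_display(SECRET, PIN_HASH, "4821", now=59)
    print("code shown on the device at t=59:", code)
    print("wrong PIN:", token_display(SECRET, PIN_HASH, "0000", now=59))
    print("accepted 30 s later:", server_verify(SECRET, code, now=89))
    print("accepted much later:", server_verify(SECRET, code, now=1111111109))
```

The code changes every 30 seconds and is derived from a secret that never leaves the device, so a captured code is useless once its time step and the drift window have passed.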
Thus having the device or the password alone is not sufficient to gain access to the system. Banks in Singapore, apart from the regular password, require a second password, which is obtained by phone call or text message, to carry on with financial transactions.

Conclusion

It is difficult to remember passwords, but at the same time it is even more complicated to remember or use the number of add-ons provided with passwords. Organizations and banks should realize that by using too many authentication aids in conjunction with passwords, they may compromise the ease of use of systems.
Users should take responsibility for choosing their passwords by following the guidelines provided. A length of at least 8 characters and a combination of uppercase and lowercase letters and numbers would make password guessing a time-consuming job. People should realize that the policies administrators lay down regarding passwords are in the interest of the security of their information. Following simple rules, such as not sharing or revealing passwords to anyone and resetting them regularly, can help people protect their privacy.
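The guidelines above (at least 8 characters, a mix of uppercase, lowercase and numbers, no dictionary words, no personal information) and the essay's 62-symbol combination counts can be checked mechanically. This is an added example, not part of the original essay; the function names, the small word list and the sample passwords are constructed for illustration.

```python
import string

ALPHABET = string.ascii_letters + string.digits  # the essay's 62 symbols
MIN_LENGTH = 8                                   # minimum length from the essay

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "sunshine", "football"}


def search_space(length, alphabet_size=len(ALPHABET)):
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet_size ** length


def check_password(password, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of the essay's guidelines that `password` violates."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Strip digits and punctuation so "Sunshine1" still matches "sunshine".
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in dictionary:
        problems.append("based on a dictionary word")
    # Personal details (names, dates) must not appear anywhere in the password.
    for item in personal_info:
        token = "".join(c for c in item.lower() if c.isalnum())
        if len(token) >= 3 and token in lowered:
            problems.append("contains personal information: " + item)
    return problems


if __name__ == "__main__":
    for n in (1, 2, 8):
        print(n, "characters:", search_space(n), "combinations")
    # Constructed sample passwords and personal details.
    for pw in ("Sunshine1", "Maria1985x", "tR7kq2Vn9b"):
        print(pw, "->", check_password(pw, ["Maria", "06/12/1985"]) or "ok")
```

Note that "Sunshine1" passes the length and character-mix rules yet is still rejected, which is why the dictionary and personal-information checks are needed in addition to them.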
References

Goldwasser, J., & Anderson, T. M. (2007). Passwords + Pictures = Security?. Retrieved from http://www.kiplinger.com/magazine/archives/2007/06/password.html
Simple passwords no longer suffice. Retrieved from http://www.msnbc.msn.com/id/5112838/
66% of US employees write down passwords in unsafe places. Retrieved from http://www.itfacts.biz/66-of-us-employees-write-down-passwords-in-unsafe-places/10203
Password Policy Guidelines. Retrieved from http://www.psynch.com/docs/password-policy-guidelines.html