Thursday, May 14, 2009

Passwords

Your password is a lot like your credit card. Your credit card is how your bank or credit union determines whether you are who you say you are. This is a called authentication. The same principle is used with logging in on your computer or account.

Normally when the authentication process takes place we need a combination of two of three factors, either who you are, what you have, or what you know. With credit cards, when you are in the store they require the card (what you have) and your signature (what you are). When you use the ATM, your card is required (what you have) and a PIN (what you know). Most accounts online use only a password (what you know) to authenticate you. No, your user id is not what you are (we could use biometrics for this). This makes it extremely important that you use a strong password.

If someone else steals your password, it is basically the same as giving them your credit card and PIN. When someone uses a credit card at a bank ATM, they are
accountable for the withdrawals. When your user id and password is used to access an account, you are accountable for the actions performed.

Passwords can be guessed if you use information from yourself or family. There is software that is very effective at cracking passwords. The reason that a lot of accounts require you to change passwords regularly is to defeat ever-increasing processor capability. All passwords can and will be cracked. However if you have a strong password, it may take over six months to crack. If you use a strong passowrd, most password thieves will move on to someone else. You can see that it is important that you create strong passwords and protect them as much as you would protect your credit cards.

How do I create a strong password?

It does no good if your password is so complex that you have to write it down to remember it. Our present standard for passwords is that they be eight characters and contain a mix of alphabet and number characters. You can also use upper and lower case and special characters
to make it even stronger. Special characters include the space bar, all the characters above the
numbers, and brackets.

The best way to remember all this is to use a pass phrase. Simply create a sentence to remember. However, don't pick a well known phrase like `An apple a day keeps the doctor
away' (Aaadktda). Instead, pick something like `My dog's first name is Rex' (MdfniR) or even better `My sister Peg is 24 years old' (MsPi24#yo). Once you have your password, change it and lock your workstation. Then practice logging in and out. If you mess up, you won’t lock yourself out. Keep your password in your wallet (next to your credit card) for a few days before
destroying it.

No comments: