By: Rick Parrott
Go into to any office and look under the computer keyboards and you’ll eventually find a little piece of paper with that users logon ID and passwords. Probably every password that person has.
This illustrates a serious problem with the use of networked computers in business. User apathy and IT security arrogance often combine to defeat the purpose of established security policies.
What happens is that IT security policies clash with usability. Most customers will not follow policies they see as too difficult. One place IT policies and user compliance clash is at the point of entry for any secure computer system. The logon screen.
First, let’s agree on a definition for a strong password.
From Webopedia, A password that is difficult to detect by both humans and computer programs, effectively protecting data from unauthorized. A strong password consists of at least six characters (and the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.) if allowed. Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase. Strong passwords also do not contain words that can be found in a dictionary or parts of the user’s own name.
Customers will not use difficult passwords. Sorry, they just won’t! For instance, you have two passwords: 1Xc%&27m3 and parrott5. Which is the strongest? Which do you think your customers will use?
The key here is education. End-users must be educated on the seriousness of computer security and IT security professionals need to be aware of the needs of their user base.
You should avoid sequential passwords: parrott1, parrott2, parrott3... You should use a password that is easy to remember, but not in any dictionary. Maybe combine parts of two words, adding capital letters and numbers.
IT security professionals may not like this compromise, but it is better than passwords that are easily broken.
Strong passwords are critical to the security of any computer security, but are they the best way to control access? In part two, we’ll look at alternatives to passwords.
