A Brief on Password Protection
A password is like underwear, computer security experts
say. You shouldn’t share it or leave it lying around in public places. Most
important, change it frequently.
Password security is trickier than ever in a business environment
increasingly dependent on connections with outside computer systems. You must
guard against risks not only in your own system, but also in the systems of
companies you do business with electronically and the companies they do
business with — and so on and so on and so on.
Combine this web of connectivity with the growing sophistication of hackers
armed with password-breaking software systems and the vulnerability of
wireless data transmission and you have the formula for breakdown of
enterprise security systems.
New Defenses
The growing threat of security breaches has spawned a new generation of
security technology known as usage dynamics, built around tracking patterns
of computer usage to authenticate the user’s identity. Other efforts to
strengthen protection include use of biometric devices, digital certificates,
and identity tokens.
But the high prices that come with these systems mean that many companies
will continue to rely on the password. And try though they may to follow the
underwear protocol for passwords — attention to privacy and frequent changes
— businesses find their efforts thwarted by the difficulty of remembering
passwords.
Despite warnings, sticky notes display passwords on or near computers all
over America. For employees who do scrupulously observe password privacy
rules, the price is often lost productivity during downtime caused by
forgotten passwords.
Popular Choices
In an effort to avoid the downtime that comes with a forgotten password, many
computer users choose passwords based on popular culture, family names,
birthdays, or holidays. But this practice also can compromise password
security.
Any real word — from any language — weakens password protection. Hacker
software may contain entire dictionaries from many languages. Words from
popular songs, movies, novels, and TV shows are also in the databases used to
crack passwords.
What Can You Do?
The National Infrastructure Protection Center, an agency within the FBI,
suggests the following formula for creating a password that employees can
remember and hackers will have a hard time cracking:
- Choose a phrase of four or five words that you’ll remember. Let’s say you
  choose "Change your underwear often."
- Then choose a set of numbers meaningful to you, perhaps a family birthday.
  As an example, we’ll use 1/5/78.
- Interlace the initial letters from the phrase with the digits in your
  number set to come up with your password: c1y5u7o8.
But the center warns that even the quirkiest set of symbols can be decoded by
hackers if they have enough time. So it’s still as important as ever to
change your password often.
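The sketch below is an added example, not code from the center or from this article. It carries out the three steps above and then counts how many strings share the result's letter/digit pattern, which puts a number on the center's warning. The function names are hypothetical, and the counting model (one lowercase letter or one digit per position, against 94 printable symbols) is an assumption.

```python
import math
import re
import string
from itertools import zip_longest

def interlace_password(phrase: str, number: str) -> str:
    """Interlace each word's initial letter with the digits of `number`."""
    words = re.findall(r"[A-Za-z][A-Za-z'’]*", phrase)
    initials = [w[0].lower() for w in words]
    digits = re.findall(r"\d", number)          # "1/5/78" -> 1, 5, 7, 8
    if not initials or not digits:
        raise ValueError("need at least one word and one digit")
    # zip_longest keeps leftover letters or digits when the counts differ
    return "".join(a + b for a, b in zip_longest(initials, digits, fillvalue=""))

def pattern_keyspace(password: str) -> int:
    """Count strings that have the same character class at every position."""
    total = 1
    for ch in password:
        if ch.isdigit():
            total *= 10                         # one of ten digits
        elif ch.isalpha():
            total *= 26                         # one letter, single case
        else:
            total *= len(string.punctuation)    # 32 ASCII punctuation marks
    return total

def full_keyspace(length: int) -> int:
    """Count strings of `length` over letters, digits and punctuation."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return len(alphabet) ** length              # 94 symbols per position

if __name__ == "__main__":
    pw = interlace_password("Change your underwear often.", "1/5/78")
    same = pattern_keyspace(pw)
    full = full_keyspace(len(pw))
    print(pw)
    print(f"same letter/digit pattern: {same:,} (~{math.log2(same):.1f} bits)")
    print(f"any 8 printable symbols:   {full:,} (~{math.log2(full):.1f} bits)")
```

The pattern count is an upper bound: digits taken from a birthday are limited to valid dates, so the real number of candidates is smaller still.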