Sunday, August 1, 2004

Password Problems Predictable, Preventable

<--My Recovered Blog -->
http://www.securitypipeline.com/trends/29100873

By Keith Ferrell,


Password usage keeps growing, yet widely ignored best practices mean passwords are less secure now than ever.

Evidently, men are password pigs.

According to a research group investigating image-based passwords, men tended to pick images of attractive female models. That was predictable--and not just because men are. Predictability itself, in many forms, is one of the biggest password challenges.

That's been true since the earliest days of computing, and is no less so today, despite plenty of readily available, solid password advice.

Yet most of us still make our passwords the old-fashioned way--creating one password per identification-required account, probably using a recognizable word or number sequence. Worse yet, but even more predictable, many of us keep that same password for extended periods of time. How many of us have had the same password for the same account for months? Years?

Even scrupulously following password best practices is no guarantee that your secret word will remain yours alone. Not in this age of keystroke loggers on the prowl for passwords and PINs.

It's hard to say when technology will be able to solve the password problem. Biometric passports have faced trouble crossing hurdles in the real world, and there's no reason to expect that fingerprint and other physical identifiers will make a more rapid leap to our desktops.

Likewise, the growing array of sophisticated access management suites may offer some authentication relief to enterprises that deploy them, but don't look for widespread implementation right away.

Meanwhile, the gathering e-commerce enthusiasm for single sign-on solutions is matched by a rising chorus citing SSO's problems.

Suppose all of the technical problems were overcome, though, and all of the hackers and phishers went away? Would that solve the password problem?

Probably not. Human nature being what it is, a substantial percentage of us just won't be able to keep our passwords secret, no matter how badly we need to. After all, three-quarters of the people surveyed recently admitted that they would gladly swap their password for chocolate.

Which just goes to show that, sure, men may be pigs when it comes to passwords, but few secrets are safe when anyone's sweet tooth is tempted.

posted by _[ n S r ]_ at 2:50 AM
