Open Sesame – Password Security

“Open Sesame!” is probably the most famous password in literature. It gave Ali Baba access to vast treasures. In the realm of technology, computer passwords also provide access to valuable treasures: business and personal data.

Information about your personal life, shopping habits, credit score and lifestyle is valuable to those who can profit from it. For a corporation, information is even more valuable. More than half of the value of a modern enterprise is not brick and mortar, but intangible assets such as intellectual property, customer lists, market strategies, pricing and compensation.

All of this personal and business data is likely in a database somewhere and accessible with a password. In fact, passwords are the most common means of logging into any system. They are also recognized as the most vulnerable point in security.

“Weak” or cracked passwords are the easiest way for hackers to gain access to your system.

Simple or short passwords can be easily found using “brute force” or “dictionary” attacks that concentrate intensive computer power to crack a password. A two-letter password, for example, has only 676 combinations. An eight-letter password provides greater security with 208,000,000 combinations.

Ideally, a password should be 8 or more characters long. It must also contain a mix of upper and lower case letters, symbols and numbers. “A$d3B5i9X” would be an example. Microsoft Security has encouraged the concept of a “passphrase” as an alternative. A phrase like “The last good book bought was $25!” has all the necessary elements and is also easy to remember.
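
As an added illustration (not part of the original article), the following Python code checks a password against the rule described above (8 or more characters, with upper and lower case letters, numbers and symbols) and estimates the brute-force search space for its length. The function names and the symbol count of 33 (ASCII punctuation plus space) are assumptions made for this example.

```python
import math
import string

# Character classes the article asks for; sizes are the alphabet each adds.
CLASSES = {
    "lower": (string.ascii_lowercase, 26),
    "upper": (string.ascii_uppercase, 26),
    "digit": (string.digits, 10),
}
SYMBOL_COUNT = 33  # assumption: 32 ASCII punctuation characters plus space
MIN_LENGTH = 8     # the article's minimum length


def classes_used(password):
    """Return the set of character classes present in the password."""
    used = set()
    for ch in password:
        for name, (chars, _) in CLASSES.items():
            if ch in chars:
                used.add(name)
                break
        else:
            used.add("symbol")  # anything that is not a letter or digit
    return used


def search_space(password):
    """Number of brute-force candidates of this length over the classes used.

    This measures brute-force cost only. A dictionary attack against a
    passphrase built from common words needs far fewer guesses.
    """
    used = classes_used(password)
    alphabet = sum(size for name, (_, size) in CLASSES.items() if name in used)
    if "symbol" in used:
        alphabet += SYMBOL_COUNT
    return alphabet ** len(password)


def check(password):
    """Return (meets_rule, missing_items, bits) for the article's rule."""
    missing = sorted({"lower", "upper", "digit", "symbol"} - classes_used(password))
    if len(password) < MIN_LENGTH:
        missing.append("length")
    bits = math.log2(search_space(password)) if password else 0.0
    return (not missing, missing, round(bits, 1))
```

`check("A$d3B5i9X")` reports that the article's sample password meets the rule, while `check("password")` lists the missing classes.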

Human factors and social engineering also contribute to password cracking. Employees are said to share their password eight times a year. Passwords can also be coaxed from untrained or naive workers. The standard rule is NEVER share your password.

Remember the cliché “Six degrees of separation”. You can’t know who will end up getting your password and owning it.

To deal with these challenges, many leading firms are adopting a defense-in-depth strategy, using three elements to better protect their information.

The three levels of authentication consist of:

What you know…

A strong password or passphrase

What you have…

Crypto key, smart card or token

Who you are…

The biometric aspect, such as fingerprint, hand or retina recognition

The use of these three safeguards will increase dramatically in the future as people seek to prevent ever-increasing threats to their private and personal information.

Many companies will introduce them as an important part of their security practices to safeguard an extremely valuable asset: their data.

© 2004 Terence F. Doheny