Passwords and Security Improvements
User names and passwords are a necessary evil. In this post, I briefly offer some tips and tools to help you maintain good security habits.
Authenticating to different accounts on various sites breeds complacency. Solutions such as OpenID reduce the number of username/password pairs that you have to recall. Unfortunately, not every site supports a third-party identity login. First, let this be a reminder to update your passwords throughout your systems.
Bruce Schneier has a good summary, so I will highlight his and Becky Waring's articles.
- DO use a password manager.
- DO change passwords frequently. I change mine every six months or whenever I sign in to a site I haven’t visited in a long time. Don’t reuse old passwords. Password managers can assign expiration dates to your passwords and remind you when the passwords are about to expire.
- DO keep your passwords secret. Putting them into a file on your computer, e-mailing them to others, or writing them on a piece of paper in your desk is tantamount to giving them away. If you must allow someone else access to an account, create a temporary password just for them and then change it back immediately afterward.
Password-style checks guard entry to many systems. While at a hotel, if the cleaning staff are in my room with the door propped open, I appreciate it when the staff make me put the keycard into the room door to verify my right to the room. Things are getting better as a result of technology and of growing social awareness and education about aberrant tactics. (I am still surprised at the number of merchants who will read the back of my credit card, which says “REQUEST ID”, look up at me, and never ask for my license.) Thank others for challenging your access.
Other technologies and methods, such as picture and icon passwords, are an alternative to remembering text characters. (The icon set is also useful for CAPTCHAs.) More details on picture passwords are available as a PDF. Biometric devices are also constantly getting better; they are an excellent secondary authentication factor. Pressure- and angle-sensitive pens and signature pads that detect forgeries are another interesting idea to follow. Until these alternatives become robust, we are stuck with text passwords.
If you know someone who has difficulty coming up with a valid password, refer them to one of the online password generators.