Search

Search for words used in entries on this website

Enter the words[s] to search for here:

Sponsors

Strategies for enhancing password security

Bruce Cowper has posted an interesting article discussing Passwords and Passphrases following Bill's keynote @ ITForum last month. Clearly we'd all like to see the back of passwords as they are unfriendly to users. In time technology may make it feasible for devices such as smartcards and federated authentication services to enable us to take the pain away. In the meantime there are so many systems that require users to enter static passwords that we need to consider how to get the maximum level of security from this basic form of authentication.

As Bruce points out in his article there are some discussion papers located on TechNet which discuss the use of PassPhrases rather than Passwords. The concept is pretty straight forward, advise users to enter whole sentences in the password field rather than individual words or cryptic combinations of characters. It's not realistic to expect users to remember long strings of random characters for their passwords let alone expect them to change them frequently without writing them down.

Name:			Remember personal info? Yes No
Email:
URL:
Comment:		Emoticons / Textile
Before sending a comment, you have to correctly answer a simple question you know the answer to. This is a countermeasure against automated spam bots. What are the first four letters of Techlog?     ( Register your username / Log in )
Notify:		Yes, send me email when someone replies.
Hide email:		Yes, hide my email address.
Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.