Wednesday, August 10, 2011

Password Security - Summary

The idea of using a password is thousands of years old, but today it is most commonly associated with computer authentication. Passwords are kept secret and used to prove the identity of a user on a computer system. Today passwords are used more than at any other time in history. Almost every person in the United States has a password of some sort tied to a computer system. This includes new uses such as passwords associated with mobile technology.

Overwhelmed with passwords, many people fall victim to bad habits that weaken the security the passwords were intended to provide. Users often choose weak passwords because they are easier to remember, and they reuse passwords across multiple services. Services often fail to address these problems as well. Poor practices for password storage and site security allow malicious users to access password databases, putting all users of the service at risk.

The people trying to gain access to your passwords are better known as crackers. A cracker might use your password to access the site of origin, but often their motivation for stealing passwords is to gain access to other services. To combat modern password safety measures, crackers have a number of tools at their disposal, such as rainbow tables, key loggers, man-in-the-middle attacks, and social engineering attacks such as phishing.

There are ways to protect users against many of these techniques. Services can follow best practices for storing passwords and authenticating users. Alternatives to passwords exist. Users can pick better passwords. Software can help users manage their passwords securely. Some effort is required, but users can combine both convenience and security.

Next time I will introduce passwords with some history and the concept of authentication.
