PASSWORDS - WHEN NEEDS MUST

Passwords: the concept is a much-debated topic in information security. The debate covers everything from how inadequately they protect systems all the way to how best to choose one. But whatever you think, you cannot deny that passwords are still very much alive and, by all indications, will probably be around for a while yet, so we need to know about them.

Why Passwords?
Well, most of the protections used in information security centre around the simple fact of authentication. The system must first know who a user is before it can know how it must deal with that user, and this is done through different authentication factors:

| Authentication | Description |
|---|---|
| Type 1 | This is when something you know is used |
| Type 2 | This is when something you have is used |
| Type 3 | This is when something you are is used |
| Type 4 | This is when something you do is used |
| Type 5 | This is when somewhere you are is used |

Now of these different authentication classifications, the one which has been around the longest and which is the easiest to implement is Type 1 authentication, the time-honored usage of a password. By giving a system the right username and password, you convince that system that you are that user and are thus granted all the rights and limitations relevant to that user. Unfortunately, passwords are also considered to be the weakest form of protection around.

Why Are Passwords Bad?
There are a couple of reasons as to why passwords have their bad reputation;

How Are Passwords Attacked?
There are more than a few ways in which an attacker can attempt to crack a password;

What To Do?
If you have to use a password, then you should follow some basic guidelines to ensure that you choose one which is not going to make an attacker's job any easier;

What Else?
There are some novel ways in which passwords have been implemented which aim at making their use more secure;

Well, that's the end of this article. Remember: passwords are not bad, people who choose weak passwords are bad. Seriously though, the use of passwords is not going to disappear any time soon, and choosing and using passwords can be made much more secure by just following good password practices and not being lazy. Bear in mind that attackers will always choose an easy target over a difficult one, so make sure your passwords cause any attacker many headaches.


