Password security

Posted on April 28, 2003 @ 11:45 in General

I was thinking about the sloppy network security at the university (shh!) and how, for a start, passwords might be made more secure. Of course you'd start by not allowing words found in any dictionary, names or birth dates, and you'd require 8 or more characters, including lower case, capitals, numbers and keyboard symbols. You could, for instance, implement a password generator; some of those generate random passwords that are easy to pronounce, making them easier to remember. Then you'd force users to change their passwords every one to three months.

Now, your passwords would be difficult to crack, but also difficult to remember, so users start to write them down and tape them to the underside of their keyboards. So, I guess, unless you make (password) authentication easier to use (biometrics?), sysadmins for large organizations are going to be stuck between a rock and a hard place.
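
An added example, not part of the original post: a Python sketch of the policy check and the pronounceable generator described in the first paragraph, with the generator's entropy computed so the memorability trade-off is visible. The word list, symbol set and consonant-vowel syllable scheme are assumptions made for illustration, and birth-date checks are left out.

```python
import math
import secrets
import string

CONSONANTS = "bcdfghjklmnprstvz"   # assumed syllable alphabet
VOWELS = "aeiou"
SYMBOLS = "!#$%&*+-=?@"            # assumed subset of keyboard symbols
# Constructed stand-in for a real dictionary and name list.
SAMPLE_WORDLIST = {"password", "university", "welcome", "alex"}

def check_policy(pw, wordlist=SAMPLE_WORDLIST):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = {"lower case": string.ascii_lowercase,
               "capitals": string.ascii_uppercase,
               "numbers": string.digits,
               "symbols": string.punctuation}
    for name, chars in classes.items():
        if not any(c in chars for c in pw):
            problems.append("no " + name)
    # Compare letters only, so "Wel1come" is still caught.
    letters = "".join(c for c in pw.lower() if c.isalpha())
    if any(word in letters for word in wordlist):
        problems.append("contains a dictionary word or name")
    return problems

def pronounceable_password(syllables=4):
    """Consonant-vowel syllables, one capitalised, then a digit and a symbol."""
    parts = [secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
             for _ in range(syllables)]
    i = secrets.randbelow(syllables)
    parts[i] = parts[i].capitalize()
    return "".join(parts) + secrets.choice(string.digits) + secrets.choice(SYMBOLS)

def generate(syllables=4):
    """Draw candidates until one passes the policy check."""
    while True:
        pw = pronounceable_password(syllables)
        if not check_policy(pw):
            return pw

def entropy_bits(syllables=4):
    """Bits of entropy of pronounceable_password(): log2 of its output space."""
    space = (len(CONSONANTS) * len(VOWELS)) ** syllables * syllables * 10 * len(SYMBOLS)
    return math.log2(space)

if __name__ == "__main__":
    print(generate(), "%.1f bits" % entropy_bits())
```

With four syllables the generator yields 10-character passwords carrying about 34 bits of entropy, against about 65 bits for 10 characters drawn uniformly from the 94 printable ASCII symbols; more syllables narrow that gap.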

Comments and Trackbacks

  1. My old university had just the strictures you describe--these are not that uncommon in other organizations. Moreover, naturally, you could not use a password you had *ever* used before. Yes, a lot of people wrote down their passwords for this reason.

    I think the issue is one of where the threat is located. Most of the attacks on our university were from outside of our city (in fact, most were from Asia and Europe). If you trust your physical environment more than your virtual environment, tape under desk drawers isn't as much of a threat.

    My new university is just the opposite. Students choose their own passwords and keep them for life. Campus computing, however, does not allow the use of CGI on student websites, because of the risk. That is, they consider the students more of a threat than the outside world. I am not as involved in campus computing here, so I can't say whether that is justified, but it is an interesting difference in perception.

    Posted by Alex Halavais on April 30, 2003 @ 16:33
