“Open Sesame!” is probably
the most famous password in literature. It gave Ali Baba
access to vast treasure. In the realm of technology,
computer passwords also give access to valuable treasures:
precious business and personal data.
Information about your
personal life, buying habits, credit quality and lifestyle
is valuable to those who can profit from it. For a
corporation, information has even greater worth. It is not
the “Bricks and Mortar” but the intangibles such as
intellectual property, client lists, market strategies,
pricing and compensation that account for over half the
value of the modern enterprise.
All of this personal and
business data most likely resides on a database somewhere
and is available with a password. In fact, passwords are
the most common means of entry into any system. They are
also acknowledged as the most vulnerable points for
security. “Weak” or compromised passwords are the
easiest way for hackers to gain entry into a system.
Simple or short passwords
can be easily discovered through “brute force” or
“dictionary” attacks, which concentrate intense
computer power to crack a password. A two-letter password,
for example, has only 676 combinations. A password with
eight letters offers more safety with 208,000,000
combinations.
Ideally, a password should
consist of 8 or more characters. It should also contain
a mixture of upper and lower case letters, symbols and
numbers. “A$d3B5i9X” would be an example. Microsoft
security has encouraged the concept of the “Pass
Phrase” as an alternative. A phrase such
as “TheLastGoodBookUBoughtCost$25!” has all of the
needed elements and is also easy to remember.
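
As an added illustration (not part of the original article), the Python sketch below checks a password against the length and character-mix guidance above and estimates its brute-force search space. The small word list and the 94-character printable alphabet are assumptions made for this example.

```python
import math
import string

# Character classes the article asks for; sizes 26 + 26 + 10 + 32 = 94.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

# Constructed stand-in for a dictionary-attack word list (assumption).
COMMON_WORDS = {"password", "opensesame", "letmein", "welcome", "qwerty"}


def assess(password, min_length=8):
    """Check the article's length/mix guidance and estimate the search space."""
    present = [n for n, chars in CLASSES.items() if any(c in chars for c in password)]
    # Characters outside the four classes (spaces, non-ASCII) count one each,
    # which keeps the alphabet estimate conservative.
    other = {c for c in password if not any(c in chars for chars in CLASSES.values())}
    alphabet = sum(len(CLASSES[n]) for n in present) + len(other)
    keyspace = alphabet ** len(password)  # exhaustive brute-force upper bound
    # A dictionary attack ignores the keyspace: strip trailing digits/symbols
    # and fold case before looking the word up.
    root = password.lower().rstrip(string.digits + string.punctuation)
    dictionary_hit = root in COMMON_WORDS
    length_ok = len(password) >= min_length
    return {
        "length_ok": length_ok,
        "classes": present,
        "keyspace": keyspace,
        "bits": round(math.log2(keyspace), 1) if password else 0.0,
        "dictionary_hit": dictionary_hit,
        "acceptable": length_ok and len(present) == 4 and not dictionary_hit,
    }


if __name__ == "__main__":
    # "ab" and "Password1!" are constructed; the other two come from the article.
    for pw in ["ab", "Password1!", "A$d3B5i9X", "TheLastGoodBookUBoughtCost$25!"]:
        r = assess(pw)
        print(f"{pw!r}: {r['bits']} bits, classes={r['classes']}, "
              f"dictionary_hit={r['dictionary_hit']}, acceptable={r['acceptable']}")
```

“Password1!” satisfies the length and character-mix rules yet is rejected, because the dictionary check strips the trailing “1!” and finds a common word.
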
The human factor or social
engineering contributes to password compromises. It is
estimated that employees share their password eight times
a year. Passwords can also be cajoled from untrained or naïve
workers. The standard rule is NEVER share a password.
Remember the cliché of the
“Six Degrees of Separation.” You cannot know who will
eventually end up with your password and own it.
To cope with these issues,
many leading-edge firms are adopting a defense-in-depth
strategy utilizing three elements to better safeguard
their information.
The three layers of authentication consist of:
What you know… A strong password or pass phrase
What you have… A crypto-key, smart card or token
Who you are… A biometric aspect such as fingerprint, hand, or retinal recognition
Usage of these three
defensive measures will increase dramatically in the
future as people seek to thwart ever-increasing threats to
their private and personal information. Many companies
will be mandating them as a significant part of their
security best-practices to safeguard an extremely valuable
asset: their treasured data.