A Few Words about Passwords
As defined in The Free On-line Dictionary of Computing, © 1993-1994 Denis Howe:
Password {security} An arbitrary string of characters chosen by a user or system administrator and used to authenticate the user when he attempts to log on, in order to prevent unauthorised access to his account.
A favourite activity among unimaginative computer nerds and crackers is writing programs which attempt to discover passwords by using lists of commonly chosen passwords such as people’s names (spelled forward or backward). It is recommended that, to defeat such methods, passwords use a mixture of upper and lower case letters or digits and avoid proper names and real words. If you have trouble remembering random strings of characters, make up an acronym like "ihgr8trmP" ("I have great trouble remembering my password").
A survey on passwords was carried out for the Infosecurity Europe trade show that was held in Olympia earlier this year. The survey data was gathered by questioning commuters passing through Liverpool Street Station, London, where it was found that most people were happy to share login and password information with the researchers. Mind you, were they able to test the passwords to ensure that the information was correct?
On average a person has to remember approximately four passwords, although some have far more to recall. So how do you remember them? What is your system for the recollection of passwords? Some people use the same password for everything, whereas others write them down and hide them in a desk drawer! Something familiar is the most common choice of password, i.e. one to do with family names, pets’ names or football teams.
Tony Neale from the National Hi-Tech Crime Unit said, "The British economy loses millions of pounds a year as a result of identity fraud". Consequently, employers would be well advised to ensure that employees are aware of the security risk and the need to keep personal passwords confidential. The password should be changed regularly and must never be shared or divulged to any unauthorised person.
The ICAEW IT Faculty’s latest publication, ‘Controlling Access to IT Systems’, contains some interesting points about the cracking of passwords. The publication notes that ‘password cracking’ software is freely available and can be used to crack different password formats. A six-character alphanumeric password would take just six hours to crack. If it were case sensitive with upper and lower case, alphanumeric with at least one special character (currency symbol, hash etc.) and still six characters long, it would then take three months to crack. If the length of this type of password were increased to seven characters, it would take 20 years.
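The three figures quoted above are what a plain exhaustive search predicts. The following is an added example, not taken from the ICAEW publication or this article: it calibrates a guess rate from the six-hour figure and recomputes the other two. The alphabet sizes (36 caseless alphanumerics, 95 printable ASCII characters) are assumptions.

```python
# Assumed alphabets (not stated on the page).
ALNUM_CASELESS = 26 + 10   # letters without case, plus digits
PRINTABLE_ASCII = 95       # upper, lower, digits, specials, space

HOUR = 3600
DAY = 24 * HOUR
YEAR = 365 * DAY


def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def exhaust_seconds(alphabet_size, length, rate):
    """Worst-case time to try every candidate at `rate` guesses/second."""
    return keyspace(alphabet_size, length) / rate


def min_length(alphabet_size, rate, target_seconds):
    """Shortest length whose exhaustive search lasts >= target_seconds."""
    needed = rate * target_seconds
    length = 1
    while keyspace(alphabet_size, length) < needed:
        length += 1
    return length


# Calibrate on the page's first figure: six characters, six hours.
RATE = keyspace(ALNUM_CASELESS, 6) / (6 * HOUR)

POLICIES = [
    ("6 chars, caseless alphanumeric", ALNUM_CASELESS, 6),
    ("6 chars, printable ASCII", PRINTABLE_ASCII, 6),
    ("7 chars, printable ASCII", PRINTABLE_ASCII, 7),
]


def report(rate=RATE):
    """Return (label, seconds) for each policy at the given guess rate."""
    return [(label, exhaust_seconds(size, n, rate)) for label, size, n in POLICIES]


if __name__ == "__main__":
    print(f"implied rate: {RATE:,.0f} guesses/second")
    for label, secs in report():
        print(f"{label:32s} {secs / DAY:9.1f} days ({secs / YEAR:5.2f} years)")
    # A policy check: length needed to hold for 100 years at 1000x the rate.
    print("min length:", min_length(PRINTABLE_ASCII, RATE * 1000, 100 * YEAR))
```

This models the worst case of trying every combination; a password built from a name or real word, as the dictionary definition warns, falls to a word list long before the keyspace is exhausted.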
80% of those questioned during the Infosecurity Europe survey stated that they were fed up with passwords and would like a better way to log in to their work PCs. Until such time as technology allows us to dispense with our passwords in favour of eye recognition, voice recognition or fingerprints, it is worth remembering that the computer hackers are still out there.
Jane Hailstone
Qdos Consulting
