Passwords – Not the Ultimate Security Tool

November 9, 2016

In my efforts to move my web-site, I ended up in a conversation regarding securing the site’s logins. Meanwhile, I also read an article that addressed the issue. Both had some focus on passwords that I thought interesting.

In the conversation with my new hosting company’s representative regarding ways to secure my site, they discussed issues beyond ordinary passwords, such as two-factor authentication and keys, as things to focus on. If you don’t know what I mean by a “key,” think of the RSA keys the big companies use when you’re logging into their systems. They hand you some kind of random number generator to use as part of your login. In some cases, a key is created for a specific machine’s verification beyond the passwords we think we depend on.

Meanwhile, I was reading my latest copy (Volume 59, Number 11) of “Communications of the ACM” (Association for Computing Machinery) and ran across the article “Pushing on String: The ‘Don’t Care’ Region of Password Strength,” which gave yet another bit of information about passwords. It talked about how complex password rules aren’t the be-all, end-all for security. For one, the effectiveness of this tactic is limited depending on whether the threats are from the on-line or the off-line community. For another, it assumes the problems have to do with the passwords. For example, if someone can steal your actual passwords, the strength doesn’t matter.

Finally
There are many things we can do to secure our systems. While companies seem to be advancing toward more and more complex passwords, one has to hope they don’t think this is going to protect their systems. Hopefully, they understand what their true risks are and are addressing those, as well.

As for my new web-site, while I do have accounts password-protected (and not with my birthday, age, favorite food or anything else easily-guessed), it’s not one of the super-long, super-cryptic ones, either. It’s not that difficult to consider using other types of security measures, as well, even for companies of my size. There are a wide variety of choices and affordable ones to give us all practical security alternatives.

Gloria Metrick
GeoMetrick Enterprises
http://www.GeoMetrick.com/

4 Comments
  1. Greg Mendizabal
    November 9, 2016 2:41 pm

    You should check out: https://www.grc.com/sqrl/sqrl.htm
    Get away from passwords entirely. Part of the problem is relying on a website to keep your secret. You keep the secret. It’s your responsibility.
    Greg

  2. November 9, 2016 3:02 pm

    Greg, with its QR code, that’s an interesting way to authenticate. It’s another variation of the key except I think that this link says the code is specific to the user where we sometimes consider the key being specific to the machine.

  3. Greg Mendizabal
    November 9, 2016 4:01 pm

    It’s unique to you (the secret key you created) and the website by way of encryption.
