A strong password defense is easy to construct

A strong password defense is easy to construct
A strong password defense is easy to construct 

By Roger Dube
Rochester Business Journal
August 6, 2010

We've all read the news items: Someone's identity is stolen, bank 
accounts emptied and credit cards used to make thousands of dollars' 
worth of phony purchases. Individuals no longer are the prime targets of 
such attacks, however. The Wall Street Journal has reported that a 
growing number of small businesses are losing large sums of money 
through attacks on their online banking accounts. A recent IT security 
report indicated that losses of small businesses to such attacks this 
year will exceed $3.8 billion.

Gaining access to accounts and information requires the attacker to 
somehow get past the defenses erected around the target-a computer or 
network of computers. In the final analysis, encryption algorithms 
protect these systems. These encryption algorithms must be unlocked by 
the use of proper credentials. Different systems require different 
credentials, but the simplest ones (and likely the majority of them) use 

Properly constructed passwords employ at least two lower-case 
characters, two upper-case characters, two numbers that are not at the 
beginning or end of the password and two special characters. These often 
are difficult to remember, and users today are required not only to use 
several of these complex passwords but to change them frequently to 
protect against theft.

Unfortunately, people are not designed to be able to memorize long 
sequences of random characters. As a result, people usually create 
passwords they can remember easily-and these passwords become the 
weakest link in a computer's security system. Attackers know this, and 
they always attack the weakest link.


Visit InfoSec News! 

Site design & layout copyright © 1986-2015 CodeGods