Hackers are everywhere, and they have a sophisticated array of tools for cracking your passwords. The primary purpose of this white paper is to help you understand that easy-to-remember passwords are no longer considered a secure form of authentication. You should consider any static password that you can remember as vulnerable. Even random static passwords are still vulnerable to some extent; a password-cracking attack simply takes much longer to succeed, and the likelihood of that success is inversely proportional to the length of the password. This paper offers tips for creating effective passwords and for keeping them safe.
It has been years since single-password authentication could be considered a sound security practice. You should consider any static password that you can remember as vulnerable. Let's look at what makes a good password and then examine ten easy steps you can take to make your password as secure as possible.
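To put numbers behind the claim above that cracking time grows with password length, here is an added worked example (written for this edit, not taken from the white paper) that computes keyspace, entropy and the expected time for an exhaustive search. The guess rate and the word-list size are assumed figures for illustration, and the example goes slightly beyond the text by contrasting a random password with a memorable word-plus-digits pattern of similar length.

```python
import math

# Guess rate assumed for illustration only (a constructed figure, not a
# measurement from this white paper): ten billion guesses per second.
ASSUMED_GUESS_RATE = 1e10


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters drawn
    uniformly from an alphabet of `charset_size` symbols."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password. It grows linearly
    with length, which means the keyspace grows exponentially."""
    return length * math.log2(charset_size)


def expected_crack_seconds(charset_size: int, length: int,
                           guesses_per_second: float = ASSUMED_GUESS_RATE) -> float:
    """Average time for exhaustive search to hit a uniformly random password:
    on average half the keyspace is tried before the right guess."""
    return keyspace(charset_size, length) / 2 / guesses_per_second


def pattern_keyspace(word_count: int, digit_count: int, symbol_count: int) -> int:
    """Keyspace of a memorable 'dictionary word + digits + one symbol' pattern.
    A guessing tool that models the pattern only needs to try each combination
    of word, digit suffix and symbol, not every character string of that length."""
    return word_count * 10 ** digit_count * symbol_count


def strength_report(charset_size: int, length: int) -> dict:
    """Summarise keyspace size, entropy and expected crack time for one policy."""
    return {
        "length": length,
        "entropy_bits": round(entropy_bits(charset_size, length), 1),
        "expected_days": expected_crack_seconds(charset_size, length) / 86400,
    }


if __name__ == "__main__":
    # 95 = printable ASCII; each extra character multiplies the keyspace by 95.
    for n in (8, 10, 12, 16):
        print(strength_report(95, n))
    # Constructed comparison: a 'Password12!'-style pattern built from an
    # assumed 100,000-word list versus a truly random 11-character password.
    print("memorable pattern keyspace:", pattern_keyspace(100_000, 2, 10))
    print("random 11-char keyspace:   ", keyspace(95, 11))
```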
Security can be defined in many ways. One definition is accountability: security as holding people responsible for their actions. To hold someone accountable, three elements must be present.
Authentication is proving or verifying that a specific person is who they claim to be. In most cases within a computer network, authentication is used to link a specific person to a specific user account. When a person attempts to log on, they claim an identity, often by typing in a user name, and must then provide authentication factors to prove that they are (or at least are responsible for) the claimed identity.
Auditing of events is the recording of all activities of the system, resources, and users. This creates a log trail of everything that took place within the computer network and to some extent within the organization's facility during a specific period of time.
Authorization is the assignment of rights, permissions, and privileges to users that enables them to accomplish their assigned work tasks. Authorization is also the prevention or denial of access to any resource or activity that is not granted to a user. Thus, authorization is a collection of allows and denies that define the activity and access boundaries for a user. Every user will have their own unique, custom, and focused set of access boundaries.
Of these three essential security services, authentication is the most important. If we cannot establish a solid, unassailable link between a digital identity (i.e., a user account) and a person, we cannot hold anyone accountable for the actions recorded against that account. Without strong authentication, accountability is not possible.
Unfortunately, authentication is where most systems, services, online sites, and organizations fail in their attempts to provide accountability. The reason for this failure is passwords. Passwords are the most commonly used form of authentication. In practice, however, they end up being the least effective form of authentication.