Friday, 06 July 2007 00:00
As an authentication mechanism, passwords provide a way of securing access to computer systems, web sites or even bank accounts. Each system in its own right probably has some box ticked by a faceless moron to prove that it has conformed to some security standard or other.
Some of these systems may be “smart” by enforcing password rules such as regular password changes, only allowing unpronounceable words or forcing a mixture of numerals and punctuation marks.
For the infrequent user this may cause issues, as infrequently used accounts are repeatedly locked as they enforce the super secure rule set.
As any “normal” user would do, you’ll have your standard set of phrases that you’ll use, and probably after some rotation you’ll run out and be forced to remember new combinations.
This is all crap.
You see, as someone who has worked in IT for the last 20 years (and seen this all before), you will end up with loads of systems that you must access, each with their own password mechanisms and rule sets, all enforcing regular change to the point that it is no longer reasonable for a person to remember the 50 or more passwords required to conduct daily business.
So what are the solutions then?
Well, you could go all joined up and use single sign-on, but that presumes that your work systems are somehow integrated into your public web site, ISP, bank account and all the other things.
I’m sure that some people even bought into the Microsoft Passport to manage authentication to a myriad of web sites that also signed up for it. Not sure how happy I am though entrusting Microsoft with anything to do with security?
Others use their PDAs to store passwords, or even a spreadsheet, securing these lists with one super password that unlocks all. It’s all a bit of a mess really.
As an IT professional (ok that WAS funny) it’s just completely unmanageable. That was until I retrofitted a simple solution that works every time.
Now I have everyone’s attention.
My screen has Post-its all around with passwords written on them. Simple, efficient, very cost effective, and there’s no danger of me forgetting any.
Whatever you do though, do not, I repeat, DO NOT click on the image above. It will be a violation of my security policy. Doh!
Later dudes.