Does this sound like a familiar ritual to you?
Before she begins work each morning, Kate Prior must enter eight computer passwords. Each must contain at least eight characters, and most require letters and numbers. Every three months, she must change them all.
The article in the Wall Street Journal goes on to reveal how Ms. Prior remembers all of her passwords:
They’re written on a blue Post-It note affixed to her computer.
If you work for a security-conscious company, you probably have just as many passwords at work: passwords for hardware power-on/hard-disk, for NT Domains, for e-mail, for the corporate Intranet, for the phonemail system, for IM, for VPN, for HR benefits access, etc. And usually they need to be changed on a regular schedule. Worse yet, some passwords get cached away by software, which means that when you change a password, you may need to update it in more than one place. And since many authentication systems now use a “three strikes and you’re locked out” policy, if you forget to update a system, you can end up locked out of an account. What fun. How do we get out of this mess?
Robert Hensing’s solution is to use long pass-phrases instead of short passwords. They’re easier to remember and harder to crack. The practical problem would be changing all of the authentication systems to allow long pass-phrases. And unless you work in a homogeneous environment with a single directory, you would have lots of pass-phrases rather than passwords to remember.
Biometric security such as the fingerprint sensor in the ThinkPad T42 is an interesting alternative. Nothing to memorize, nothing to change. Even if it only eliminated the need for a few of my passwords, I’d be happier.