Logo

User login

Browse archives

« October 2008  
Su Mo Tu We Th Fr Sa
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  

Who's online

There are currently 0 users and 9 guests online.

Syndicate

XML feed
Home

In two decades, personal computers have morphed from electronic novelties into one of life's mus... Passwords become so passe..

Submitted by admin on Fri, 2005-10-07 06:00.

Whether the name of a favorite child or pet, a combination of initials and birth dates, or a clever mix of letters, numerals, spaces and shift-keyed symbols, passwords -- at least using them alone -- are passe. And with authentication techniques changing, experts say relief also is on the way for computer users stressed by trying to remember dozens of log-on combinations.

In the past year, computer-makers have crowned biometrics, particularly on-board sensors that read fingerprints, as the preferred choice for authenticating users. Microsoft, IBM, Hewlett-Packard and Toshiba are pushing fingerprint-reading notebooks and a new line of sensor-equipped keyboards.

Other gadget-makers also provide finger-scanning add-ons, while researchers reportedly are advancing commercial versions of retinal and facial recognition software and devices, smartcards and plug-in security keys.

"Passwords can be effective, if you can remember them all," laments Vincent Weafer, senior director of Symantec Security Response Team. "People are so overwhelmed with the number of passwords needed (that) they write them on notes stuck to their (PC) monitors, or have the same passwords for everything."

Symantec, a leading computer security software and consulting company best known for Norton antivirus suites, estimates 90 percent of people never bother to craft passwords of their own.

"That leaves the default passwords they come with, and hackers know all the main default passwords," Weafer says. "That's like not locking the doors until someone breaks in."

What makes a good password? Unpredictability, mixed with unique meaning to the user. Weafer suggests using a phrase such as "I was born in Los Angeles 20 years ago." Easy to remember, hard to guess and at 30 characters, harder to hack.

Still, no password is safe. Hackers have an effective arsenal. "Brute force" attacks try all possible combinations, character by character, to attack a target. Dictionary-based routines compare up to 100,000 words in a few seconds. "Syllable" checkers pick up on bogus word forms. "Rule-based" attacks sniff out repetitive passwords.

The question, says Pete Ashdown, president of Salt Lake City Internet service provider Xmission, is not whether a password can be cracked, but how to make it so time consuming that hackers won't want to try to guess it.

Jay Christofferson, associate professor at Brigham Young University's School of Technology, uses one of several commercially available programs that lock away and automatically trigger passwords as needed.

"To me, it's more and more a nuisance, almost trying to keep honest people honest," Christofferson says. He gives a lukewarm endorsement to fingerprint and retinal scanners.

Jay Lepreau, a University of Utah research professor of computer science, isn't as ready to abandon passwords for high-tech gadgetry. His solution: "Store them on a piece of paper. Seriously. How often is your wallet stolen, where perhaps you store your passwords, or a locked desk drawer, broken into?

This is cache, read story here