One of the members of the Master Mind Security Panel during the ITEC show in Charlotte, Dan Colby, made a great point. Basically, he said "quit using passwords."
Colby is president and CEO of Pinstripe, an application development and consulting company in Charlotte. They provide all the IT services for many area SMBs, including security.
What will replace passwords? Passphrases. Let me quote Colby from an e-mail he sent me about this security idea.
“Passphrases have become the preferred method for password-protecting end user devices. The concept is simple. It is much easier to remember, 'Let the force be with you' than it is to remember "!PS12Na#" and the passphrase is often more secure. The longer the passphrase, the more secure it is.”
While Colby said “end user devices,” I think passphrases work with devices with good keyboards, like desktop and laptop computers. Smartphones may have keyboards, but few companies can really enforce the use of a decent password on handheld devices, much less a passphrase.
Security experts agree with Colby about the value of passphrases. The longer the password, or passphrase, the more time and computer power needed to hack it. Companies demand bizarre passwords like "!PS12Na#" to increase the difficulty level of hacking the password. Real people, however, resort to what Colby calls the “Post-It note effect” of passwords stuck to monitors. Advanced users have learned to take those passwords off their monitors and hide them under their keyboards. Oops, I just ruined the security plans for one of every three users in many companies.
Administrators must configure security applications to accept longer passwords so passphrases work. Many applications also demand upper and lower case letters, at least one number, and at least one symbol. Hence the impossible-to-remember password "!PS12Na#" provided by Colby.
Check all your password-hungry applications and operating systems, including local computers, servers, and online systems. Supporting passphrases in three of four locations doesn't help. This technique must truly be all or none to work properly.
Independent security experts say to configure password fields to accept between 15 and 128 characters. 15 characters as a minimum pushes the password into passphrase territory automatically. Microsoft, however, limits password fields to 127 characters in Active Directory, and therefore Exchange. But 127 should work for almost every passphrase.
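An added example (not from the original article or from Colby): it checks the article's two sample strings against a composition-rule policy and against a length-only policy of 15 to 128 characters, and estimates character-level brute-force effort for each. The 8-character minimum for the composition policy and all function names are assumptions.

```python
import math
import string

MIN_LEN, MAX_LEN = 15, 128  # length range quoted in the article

def composition_policy(pw, min_len=8):
    """Legacy rule set from the article: upper, lower, digit, symbol.
    min_len=8 is an assumed value; the article does not give one."""
    return (len(pw) >= min_len
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def length_policy(pw):
    """Passphrase-friendly rule: length only, 15 to 128 characters."""
    return MIN_LEN <= len(pw) <= MAX_LEN

def charset_size(pw):
    """Size of the character pool an exhaustive search must cover."""
    pools = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
        (" ", 1),
    ]
    return sum(size for chars, size in pools if any(c in chars for c in pw))

def brute_force_bits(pw):
    """Upper bound, in bits, for character-by-character brute force.
    A guesser working from word lists or known quotes needs far fewer tries."""
    return len(pw) * math.log2(charset_size(pw))

def audit(pw):
    """Summarize how one candidate fares under both policies."""
    return {
        "length": len(pw),
        "composition_ok": composition_policy(pw),
        "length_ok": length_policy(pw),
        "bits": round(brute_force_bits(pw), 1),
    }

if __name__ == "__main__":
    # The two sample strings quoted in the article.
    for sample in ("!PS12Na#", "Let the force be with you"):
        print(repr(sample), audit(sample))
```

The passphrase passes the length rule but fails the composition rule, which is why every system in the chain has to be reconfigured before users can switch.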

Comments (2)
pass phrases
By Anonymous on July 15, 2008, 5:40 pm
Disagree, pass phrases should be used to trigger memory of a password, not replace it. And someone watching you type may be able to guess the phrase seeing a single...
Passwords vs. passphrases
By netgreen on July 10, 2008, 10:52 am
As you noted, the problem with long passphrases is that there are so many characters to enter; and when all you see are asterisks in the password field, it's very...