Password Protection and Management
A password is the most basic security mechanism needed to protect computer systems and Internet access to private information. Unfortunately, password safety is often overlooked by the majority of people, including those in the IT community. The problem stems from the fact that there is very little understanding of either how security works or how human beings behave, and this leads to very poor protection against serious and determined password attacks. This is particularly important if what is being protected by the password is highly sensitive. For all intents and purposes, access to private information via a password must satisfy the principles of confidentiality and integrity. Password usage should follow McMaster’s Password Policy. For information about MacID password complexity requirements, please visit: http://www.mcmaster.ca/uts/macid/passwd.html.
Typical password protection issues stemming from common human behaviour
- Write passwords down on sticky notes.
- Place passwords under the keyboard.
- Place a sticky note containing a password on the monitor screen.
- Share the password (or swipe card) with other people.
- Choose an easily guessable password.
- Use a password on a non-secure machine or on a system/application that “remembers” passwords.
Typical issues with security questions for password maintenance
- Questions are non-memorable.
- Questions are ambiguous.
- Questions are easily guessable.
How to Manage Multiple Passwords
In the age of the Internet, people often find that they need to juggle multiple passwords for their email accounts, the web sites they routinely visit, and any other Internet-based services that they use. While it is impractical to create a completely different password for every web site or account, using the same password in multiple locations is very dangerous. If the password gets stolen from any one of the places where it is used, it can be used to compromise other, more sensitive services.